David Moschella has found the new focus of computer industry 
innovation - at the Consumer Electronics Show. PAGE 20 
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vendor look more like his old employer, IBM. PAGE 7 
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CEOs and CFOs increasingly rely on the 
ll department to help them comply with 
Sarbanes-Oxley and other regulations. It’s 
a high-profile job, but there's a flip side: IT 
may be blamed for compliance disasters. 


By Thomas Hoffman. PAGE 35 
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Disks in Short Supply, 
Hardware Vendors Say 


IBM, EMC confirm shortage of hard drives; 
problem may not be resolved until midyear 


| BY LUCAS MEARIAN 


AND PATRICK THIBODEAU 


| IBM and EMC Corp. last week 


became the second and third 
large hardware vendors to re- 
port a disk drive shortage, and 


| market research firm IDC said 


it expects delays in server ship- 


| ments resulting from the scar- 


city to continue through this 
year’s second quarter. 

Ron Clarke, director 
of commodity procure- 
ment for IBM’s inte- 


ply of disk drives “is a 


| little bit tight right 


now.” The shortage is 
industrywide and has 


Oracle Layoffs 
Spark Fears of 


Support Gaps 
PeopleSoft users lose 
sales, service reps 


BY MARC L. SONGINI 
Oracle Corp.’s layoff and re- 


| structuring plans following its 
| acquisition of PeopleSoft Inc. 


are raising concerns among 
PeopleSoft customers as the 
employees they’re used to 
working with vanish. 

Since the $10.3 billion trans- 
action closed earlier this 


| month, Oracle has revealed 


plans to lay off 5,000 workers, 


been exacerbated because 

all the major drive suppliers 
launched upgraded versions 
of their products in the fourth 


| quarter, he said. 


Clarke added, though, that 
IBM saw the disk drive short- 


| age coming and ordered addi- 
| tional stock to protect itself 
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| last week that they’re already 
| finding the transition some- 


| week, six were experiencing a 


and its customers. He said he’s | 

optimistic that the sup- | 
i ply problem will be re- 
solved in the next 30 to | 
60 days. 

But EMC warned 
that higher disk prices 
caused by the supply 
shortfall are likely to 
cut into its profit mar- 
gins during the first 


primarily from PeopleSoft. 

And although Oracle execu- 
tives assured customers that 
about 90% of PeopleSoft’s 

support and development staff | 
would remain to avoid service | 
disruptions, several users said | 


what problematic. 
Of 17 users interviewed last 


negative impact from the lay- 

offs. Three others are in limbo, 

having had no contact from 
Oracle, page 14 
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For full coverage of Oracie’s acquisition 

of PeopleSoft and its aftermath, go to: 
QuickLink 23320 
www.computerworld.com 


half of the year. “My experi- 
ence shows me you kind of get 
through these things in a six- 
month period,” CEO Joe Tucci 
said during EMC’s fourth- 
quarter earnings conference 
call last Tuesday. “We'll see 
how that goes.” 

The acknowledgements of 
a shortage by IBM and EMC 
came after Computerworld re- 
ported that some server ship- 
ments by Hewlett-Packard Co. 
were being delayed because 

Disk Drives, page 16 


Deploy VoIP 


With Care, 


Feds Warn 


NIST says networks 
could be vulnerable 


| BY MATT HAMBLEN 
| The National Institute of Stan- 
| dards and Technology is urg- 


ing federal agencies and cor- 
porate users to be careful 
about deploying voice-over-IP 


| technology because of net- 
| work security concerns. 


The cautionary note in a 99- 
page report issued by NIST 


| this month prompted one net- 


working analyst to compare 
the report’s authors to Lud- 
dites. But an executive from 


| Cisco Systems Inc. said NIST’s 


security recommendations are 
in line with the advice Cisco 


| gives its VoIP customers. 


NIST made nine recom- 
mendations for implementing 
VoIP, page 45 
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HAVE A GUT FEEL FOR THE ACQUISITION 
COSTS OF LINUX VS. WINDOWS? 
HERE'S A DETAILED ANALYSIS. 





Source: BearingPoint, 2004 
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@ Windows Server 2003 Full Support (24x7): 10% of servers are Enterprise Edition, 90% Standard Edition 
3 Red Hat Full Support (24x7): 100% of servers are AS Premium 
Z Red Hat Limited Support: 10% of servers are AS Premium (24x7), 90% ES Standard (12x5) 


(4 Novell's SUSE Linux (24x7): 10% of servers are Enterprise Server, 90% Standard Server 
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A recent study of licensing and support costs conducted by BearingPoint, 
a leading independent consulting firm, found that these acquisition costs 
for Windows Server™ 2003 are comparable to Red Hat Enterprise Linux or 
Novell's SUSE Linux Enterprise Server “despite the common perception that 
Linux is free or very inexpensive.” However, if you require full 24x7 phone 
support on all servers, licensing and support for Windows Server 2003 can 


cost up to 73% less than Red Hat Enterprise Linux* over five years. 


For the full study, visit microsoft.com/getthefacts 
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Windows 
Server System 


*Red Hat Full Support (24x7) estimates based on case where 100% of servers are Enterprise Linux AS Premium. Red Hat Limited Support estimates are based on case where 10% of servers are Enterprise Linux AS Premium (24x7 phone 
support) and 90% are Enterprise Linux ES Standard subscriptions (9 a.m.-9 p.m. EST M-F phone support). Windows Server estimates are based on case where 10% of servers are Windows Server 2003 Enterprise Edition and 90% are 
Windows Server 2003 Standard Edition (24x7 phone support on all). This study was commissioned by Microsoft. © 2005 Microsoft Corporation. All rights reserved. Microsoft, Windows, the Windows logo, Windows Server, and Windows 
Server System are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners 








JUST BECAUSE THE SYSTEM IS DOWN | 
-DOESN’T MEAN THE PEOPLE USING IT SHOULD BE. 


Constant, uninterrupted access to critical data, systems and people. Even when something goes wrong. That’s Information Availability. And one of the 


best ways to virtually guarantee Information’ Availability is by running your olcofelte tele osuih mee of our facilities. You: manage your applications and 
data while SunGard Availability Services hélps to ensure that the. infrastructure and technical support you need is always on. SunGard can offer a secure 
and scalable Paonia ata lower. operational Ros ano production. Plus we have over 60° state-of-the-art hardened facilities with network, 


power and equipment redundancies that are unparalleled. For a free copy. of the IDC White | Keeping People 
; SUNGARD tare ea raeneten) 
Paper: “Ensuring Information Availability’ visit www.availability.sungard.com/idcwp. Availability Services | Connected. 
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Rx for Better Health Care 


in the Technology section: Electronic health 
records could transform health care, but the 
technology and finances to to support them 
are years away from being in place. Page 23 
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The Blame Game 

In the Management section: Sick of watching 
multiple vendors point their fingers at one 
another while your system woes goes unfixed? 
Here’s how to get them to cooperate. Page 38 





TECHNOLOGY §=§=—s=OPINIONS 


Sun starts releasing its open- On the Mark: Mark Hall re- 


source Solaris code. 


CA remakes itself in IBM’s 
image by moving toward a sim- 
ilar business-unit structure. 


Security tools that monitor 
outbound messages for confi- 
dential data are starting to be 
upgraded with features that 
let them block suspicious 
e-mail. 


Linux cash registers are ring- 
ing up savings for Hannaford 
Bros. grocery stores. 


An ADP software glitch caus- 
es auto body shops to under- 
estimate repair costs. 


Scalability needs are prompt- 
ing some users to re-evaluate 
their mix of business intelli- 
gence tools. 


Global Dispatches: France 
Telecom bails out data com- 
munications services provider 
Equant; and the Philippine 


government launches a system 


that lets business owners pay 
their annual registration taxes 
via cell phone. 


IBM, HP, Sun and Intel will 
work to improve the open- 
source Globus Toolkit, a key 
grid computing technology. 


IBM tones down its rhetoric 
about plans for a company- 
wide Linux desktop rollout. 


45 Three U.S. lawmakers say 


IBM's sale of its PC unit to 
China’s Lenovo Group may 
threaten national security. 


and more companies are turn- 
ing to application monitoring 
software to help ensure that 
critical systems stay up and 
running around the clock. 


: 28 Future Watch: Simulating 


Fallujah. New technologies 
like ultrafast graphics engines 
and intelligent agents are 
making the military’s battle- 
simulation training tools 
frighteningly realistic. 


: 30 Security Manager’s Journal: 


A Detour into the Streaming 
Media. C.J. Kelly finds herself 
in a new job and has to pick 
the right projects to make 
herself known. 


MANAGEMENT — 


: 35 The Sarb-Ox Shift. New reg- 
: ulatory requirements like 
those in the Sarbanes-Oxley 
Act have raised the CIO’s cor- 
porate profile, but have they 
enhanced his authority or 
usurped it? The jury’s still out. 


: 37 Heading Off Hackers. IT 
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security intelligence services 
can give you the information 

you need to stay a step ahead 
of malicious hackers and pri- 

oritize threats — but it comes 
at a hefty price. 


39 Book Reviews: Return on 


Software. Thomas Hoffman 
takes a look at four new books 
on IT projects that cover top- 
ics such as pumping up ROI, 
requirements-led planning 
and rescuing projects from 
failure. 


: 26 ‘An Eye on Your Apps. More : 8 


ports that Oregon’s politicians 
want to make the state a 
haven for companies that use 
open-source technologies. 


20 Don Tennant is disquieted by 


HP’s failure to maintain what 
had been a praiseworthy 
transparency with respect 

to server shipment delays. 


20 David Moschella has found 


the new focus of computer 
industry innovation — at the 
Consumer Electronics Show. 


Pimm Fox calls for the Bush 
administration to use a simple 
technology to reduce the risks 
related to trains carrying haz- 
ardous cargo through cities. 


32 Robert L. Mitchell offers 


practical advice on how to 
make sure erased data on re- 
tired computers stays dead. 


40 Tom Hickey cautions senior 


executives to stay involved in 
outsourcing decisions, even as 
the practice starts to seem like 
business as usual. 


46 Frankly Speaking: Frank 


Hayes says OpenSolaris offers 
some serious competition in 
open-source operating sys- 
tems — and in the way open- 
source is done. 





DEPARTMENTS/RESOURCES 
At Deadline Briefs 


IT Careers 
Company Index 
How to Contact CW 
Shark Tank 


Plan Now for Longhorn’s Arrival 
OPERATING SYSTEMS: Two Avanade consul- 
tants offer tips on how you can prepare for 
Microsoft's operating system overhaul. 


@ Quicklink 52090 


Re-examining Your 

Career 

CAREERS: Columnist Stefano M. Stefan 
points out that there are new job opportuni- 
ties to be found in the midst of the current 
IT outsourcing trend. Two worth noting: 
systems and business analysts. 


@ QuickLink 52010 


No Agreement on Oath 

SECURITY: The Open Authentication Initia- 
tive’s efforts to create industry standards for 
stronger and cheaper authentication are get- 


ting mixed reviews. @ QuickLink a5380 


In the Driver’s Seat? 


STORAGE: Forces are afoot that will help you 
take control of your vendors and product 
acquisitions, says Storage Networking 
World Online columnist Jon William Toigo. 
© QuickLink 25390 


ing for New Allies 
DEVELOPMENT: PixelMedia’s Thomas Obrey 
explains how to successfully outsource a 
development project using open communi- 
cation, a well-defined scope and clear expec- 


tations. @ QuickLink a5370 


ONLINE 
DEPARTMENTS 


Breaking News 
@ QuickLink a1510 
Newsletter 


What's a QuickLink? 


pointing to related content on 
our Web site. Also, at the end of 
pein arth 
= online facilitates sharing it 
into the Quick- 


Subscriptions 
@ QuickLink a1430 
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Mapics Acquired 

in $350M Deal 

infor Global Solutions plans to buy 
Mapics Inc., a publicly held maker 
of manufacturing applications, for 
just under $350 million in cash. 
Infor, a privately held developer of 
ERP and supply chain software, 
said the combined company will 
have more than 17,500 customers 


in over 70 countries. The deal is 
expected to close this spring. 


Microsoft Profit, 
Sales Up in Q4 


Microsoft Corp. reported today 
that its fourth-quarter profit more 
than doubled and that revenue 
rose 7% over the previous year. 
“Our record revenue came from 
across-the-board strength in both 
our business and consumer seg- 
ments,” said John Connors, chief 
financial officer at Microsoft. 


MICROSOFT BY THE NUMBERS 
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Crystal Reports 
Added to BI Tool 


Business Objects SA this week 
will reveal plans to include a new 
version of the Crystal Reports re- 
porting tool in its Business Ob- 
jects XI business intelligence soft- 
ware. Crystal Reports XI will fea- 
ture support for Java developers 
and more support for end-user 
customization. The new version 
also includes a virtual workbench 
to organize reports. 


Siebel Announces 
Upbeat Results 


Siebel Systems Inc.’s fourth- 
quarter results showed year-over- 
year growth in both revenue and 
income for the first time in more 
than three years. Revenue in the 
quarter rose 7%, while net in- 
come increased 32%. 
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Sun Begins Its Release of 


pen-Source Solaris Code 


Says full distribution is due by midyear; 
backers eye new drivers, hardware ports 


BY PATRICK THIBODEAU 
UN MICROSYSTEMS Inc. 
hopes that open-source 
Solaris will draw in 
new developers, new 

users and new growth oppor- 

tunities. But the initial focus 
of the initiative may be more 
prosaic: device drivers. 
Drivers aren’t sexy technol- 
ogy, but they’re often cited by 

Sun, third-party developers 

and users as an obvious devel- 

opment target for the open- 
source effort, which Sun made 
official last week by releasing 

a piece of the Solaris code un- 

der a royalty-free license. 

Brian Conlon, CIO at How- 
rey Simon Arnold & White 

LLP, a Washington-based inter- 

national law firm, sees expand- 

ed driver support for peripher- 
al devices as a plus. But Conlon 
said he isn’t sure what else 
open-source Solaris may bring 
for users. The Unix operating 
system’s kernel “is such a ma- 
ture product now that I can’t 
really see what open-source 
will add to it,” he said. 

Conlon added that he will 
withhold judgment on Sun’s 





| 


open-source effort until all the 
code is released under its 
Common Development and 
Distribution License, which is 
expected around midyear. But, 
he said, “I would go to open- 
source Solaris before Linux 


| * * 7.9 
because of who is behind it. 


Getting Started 

Ben Rockwood, a systems ad- 
ministrator at Homestead 
Technologies Inc., an Internet 
services company in Menlo 
Park, Calif., said the open- 
source Solaris code will make 
his job easier. “Now those of 
us who are working with So- 
laris every day on the job can 
actually access and increase 
the functionality of the sys- 
tem,” he noted. 

Rockwood was part of a 
group of about 60 Solaris 
users, developers and consul- 
tants that Sun organized to 
provide feedback on the open- 
source plan and its licensing 
model. The group will form 
the nucleus of the new open- 
source community around So- 
laris, participants said. 

Scott McNealy, Sun’s chair- 





Sen eho) emer crc) 
license is based on the Mozilla 
Public License and has been 
ETc en MUR Oecums tlt gc) 
Initiative’s board of directors. 


The company has set up a 
community Web site at www. 
opensolaris.org that will be the 
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source developers free access 
to more than 1,600 Solaris- 
related patents. 


man and CEO, said he hopes 
open-source Solaris will pick 
up a momentum of its own 
and help expand interest in 
the operating system. But he’s 
uncertain about exactly how 
that will occur. “We just don’t 
know where it will go,” Mc- 


Nealy said in a teleconference. 


“We hope we get surprised.” 
Solaris may turn up on 
IBM’s Power chip architec- 
ture, used in desktop systems 
as well as servers, according 
to Dennis Clarke, director of 
Blastwave.org, a not-for-profit 
group in Cobourg, Ontario, 
that distributes open-source 





software for Solaris. “That is 
the kind of thing that you have 
every reason to expect to 
emerge,” he said. 

Clarke was a member of 
Sun’s advisory group, as was 
Rich Teer, a Unix consultant 
in Kelowna, British Columbia, 
and author of the book Solaris 
Systems Programming (Pren- 
tice Hall, 2004). 

Teer said he strongly be- 
lieves that open-source devel- 
opers will give Solaris expand- 
ed reach. Like any vendor, Sun 
has finite resources, he said. 
But if new peripherals emerge 
that open-source developers 
think should be supported in 
Solaris, “there is an opportuni- 
ty for the community to write 
their own drivers,” Teer said. 

The first part of the code re- 
leased under the open-source 
license is Solaris Dynamic 
Tracing, or DTrace. DTrace is 
a new feature in Solaris 10 that 
lets users examine the interac- 
tion of an application with the 
operating system using live 
code. @ 52244 


OPEN-SOURCE FOES 


OpenSolaris and Linux are two very 
dissimilar ways of doing open-source, 
and that should be good for users, says 
Frank Hayes. See page 46. 


Sun Increases Price of Middleware but Adds Scaled-Down Versions 


SUN this week plans to an- 
nounce that it's adding two Java 
development tools to its Java 
Enterprise System middleware 
stack and raising the price of the 
full suite. But it will also start al- 
lowing users to buy smaller and 
less-expensive sets of JES com- 
ponents targeted at specific busi- 
ness needs. 

The price of the full version of 
JES will increase from an annual 
fee of $100 per seat to $140 per 
seat, an increase that affects 
only new users. Existing cus- 
tomers will continue to be cov- 


ered under their current con- 
tracts, according to Sun, which 
said it has sold licenses for about 
413,000 JES seats thus far. 

Sun is creating five scaled- 
down JES suites that will cost 
$50 per seat annually. For in- 
stance, the Java Application 
Platform Suite includes the en- 
terprise edition of Sun’s applica- 
tion server software, plus its Web 
and portal servers and the Java 
Studio Enterprise and Creator 
development tools that the com- 
pany is adding to JES. Other tai- 
lored suites address system 


availability, communications, 
identity management and Web 
infrastructure, Sun said. 

John Rymer, an analyst at For- 
rester Research Inc., said that 
even with the price increase on 
the full version of JES, Sun's per- 
seat pricing is inexpensive com- 
pared with the cost of competing 
products. 


But Rymer said the new, 
smaller suites solve a problem 
that Sun had with users who 
were interested only in some JES 
features. “There are many cus- 
tomers that will view the extras 


not as goodies but as baggage, 
so the new packaging basically 
makes it more convenient for 
them to buy,” he said. 

The price increase and the 
new offerings will be detailed as 
part of Sun's quarterly product 
launch. In justifying the price in- 
crease on the full JES bundle, 
Joe Keller, vice president of mar- 
keting for Java Web services 
and tools at Sun, said last week 
that the company is adding in a 
lot of value with the Java devel- 
opment tools. 

~ Patrick Thibodeau 
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CA Remaking Itself in IBM’s Internal Image 


CEO-elect plans business-unit structure | “From my personal 
similar to the one at former employer 


BY MATT HAMBLEN 

John Swainson, who was 
brought in to run Computer 
Associates International Inc. 
two months ago, is restructur- 
ing the software maker along 
the same business-unit lines 
used at IBM, where he worked 
for 26 years before joining CA. 

Swainson, CA’s president 
and CEO-elect, revealed the 
restructuring in an e-mail to 
employees on Jan. 2] and dis- 
cussed it in a conference call 
with financial analysts last 
week, after CA reported its 
third-quarter results. 

The business-unit structure 
“has proven itself as an indus- 
try model for how to distrib- 
ute products,” Swainson said. 
The internal changes will 
“make us more effective from 
a development point of view 
and more aligned with mar- 
keting and sales,” he added. 

Few details of the new 


structure have been revealed, 
although a CA spokeswoman 
said that the reorganization 
will give product development 
executives responsibility for 
profits and losses company- 
wide. The new units would fo- 
cus on a broader range of 
products instead of just a sin- 
gle software brand, she said. 
The business units will pre- 
sumably create packages of 
products and ensure 
that the bundled 
software can work 
together, said Mark 
Ehr, an analyst at En- 
terprise Manage- 
ment Associates Inc. 
in Boulder, Colo. 
“Conceptually, dif- 
ferent parts of CA 
would work together 
as a team, while 
right now, very little 
cross-collaboration 
goes on,” Ehr said. 


Users Eye Tools for Blocking 
Rogue E-mail Transmissions 


Vendors add quarantine features to 


apps for monitoring outbound messages 





BY JAIKUMAR VIJAYAN 
Concerns about insider abuse 
of corporate information are 
spawning a market for securi- 
ty tools that can inspect out- 
bound network traffic for 
unauthorized uses of data 
such as customer account 
numbers, health records and 
intellectual property. 

And last week, San Fran- 
cisco-based Vontu Inc. added 
a new twist when it announced 
upgraded software that not 
only monitors communica- 
tions for leaks of confidential 
data but also blocks e-mail 
messages containing such in- 
formation from leaving corpo- 
rate networks. 

Like rival products, Vontu 
4.0 uses a combination of ex- 
act data matching, contextual 





analysis and predefined poli- 
cies to alert administrators 
when protected information is 
illegally transmitted via e-mail, 
instant messages, news lists or 
chat rooms. The tools store 
copies of suspect messages for 
further analysis. 

But simply monitoring 
e-mail and saving messages 
with questionable content 
doesn’t stop those messages 
from being sent. So Vontu 4.0 
also has the ability to redirect 
or quarantine suspicious 
e-mail. “We've always had the 
point of view that the market 
will go from monitoring prod- 
ucts to blocking products,” 
said Michael Wolfe, Vontu’s 
vice president of engineering. 

A West Coast-based finan- 
cial services firm has started 
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experience, you can 
have a salesperson 
go really into detail 
on their own brand 
with very little visi- 
bility into other 
things CA sells. This 
will break down the 
fiefdoms.” 

The business-unit 
concept sounds like 
a positive development, said 
Jeff Jenson, an information 
systems analyst at United De- 
fense LP in Arlington, Va. 
“Since IBM has been 
around a long time 
and has done really 
well, maybe it makes 
sense,” he said. 

United Defense 
uses CA’s Unicenter 
Desktop DNA soft- 
ware and is doing re- 
search on some of 
the vendor’s other 
products. Joe Loo- 
beek, lead informa- 
tion systems analyst 
at United Defense, 


ARTZT was named 
executive VP of 
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implementing the blocking 
function on outbound e-mail 
messages, said the company’s 
chief security officer, who re- 
quested anonymity. 

“The capability of seeing 
what is happening is useful,” 
he said. “But we're looking 


| ahead to being able to actually 


interdict these messages be- 
fore they get out.” 

Being able to stop messages 
that violate corporate data 
policies could be useful in a 
regulated industry such as 
health care, said Sharon Fin- 
ney, information security ad- 
ministrator at DeKalb Medical 
Center in Lithonia, Ga. 

The hospital is using soft- 
ware from Englewood, Colo.- 
based Vericept Corp. to make 
sure that protected health in- 
formation isn’t being illegally 
transmitted out of its net- 
works. The technology flags 
roughly 15,000 “events” every 


| day, according to Finney. 


But whether blocking tools 
really work will depend on the 
accuracy with which such 





said in a separate in- 
terview that having 
CA's product units 
working in better 
harmony could only 
be advantageous for 
users. “If the busi- 
ness units are 
friendlier and not as 
cutthroat, it would 
be good for cus- 
tomers,” he said 

But Harry Butler, support 
center manager at electronics 
supplier EFW Inc. in Fort 
Worth, Texas, is less con- 
cerned with the reorganiza- 
tion than he is with CA's prod- 
ucts and customer servi 
“They can change everything 
they need to in their corporate 
world, and if they keep provid- 
ing me quality products and 
extreme quality of service, 
that’s my bottom line,” he said. 
“If they don’t provide that, I'll 
find another vendor.” 

In his e-mail to employees, 
Swainson said CA co-founder 
Russell Artzt was named exec- 
utive vice president of prod- 


technologies can identify 
rogue messages while allow- 
ing legitimate e-mail traffic to 
pass through unhindered, 
Finney said. “Finding that bal- 
ance is crucial,” she noted. 

Perpetual Entertainment, a 
San Francisco-based develop- 
er of multiplayer online 
games, uses network monitor- 
ing technology from Tablus 
Inc. in San Mateo, Calif., to 
protect its source code from 
being stolen, as happened to 
one of its gaming rivals. 


if you block 
something 
that’s supposed to 


go out and you don’t | 
know about it, you’re | 


going to have some 


pretty unhappy 
customers. 


MARK RiZZO, VP OF TECHNOLOGY 
PERPETUAL ENTERTAINMENT 
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ucts as part of the reorganiza 
tion. Artzt has been running 
CA's eTrust security software 
unit, and he will continue 
serving as head of that opera 
tion. But all product develop- 
ment units now report to 
Artzt, Swainson said. 

Mark Barrenechea, who had 
been CA's top product devel- 
opment executive, was named 
executive vice president of 
technology strategy and chief 
technology architect. Swain- 
son said Barrenechea will 
work with him and Chief Op- 
erating Officer Jeff Clarke to 
“take the lead role in driving 
CA's technology and merger 
and acquisitions activity.” 

Ehr said Barrenechea’s new 
job indicates that CA “is mov- 
ing into an acquisition role” 
more so than in the recent 
past, when it was dealing with 
an accounting scandal that led 
to the ouster of former CEO 


Sanjay Kumar. @ 52225 


MORE ONLINE 


For additional coverage of Computer 
Associates, visit our Web site 


QuickLink a1640 
www.computerworld.com 


Adding a biocking function, 
while useful, would also mean 
dedicating workers to look at 
blocked messages, said Mark 
Rizzo, Perpetual’s vice presi- 
dent of technology. “If you 
block something that’s sup- 
posed to go out and you don’t 
know about it, you’re going to 
have some pretty unhappy 
customers,” he said. 

Vericept CEO Terry Larrew 
said his company plans to add 
support for quarantining sus- 
picious traffic later this year. 

But vendors of data moni- 
toring tools must ensure that 
their products don’t end up 
like intrusion-detection tools, 
which fell out of favor with 
users because of their tenden- 
cy to generate very large vol- 
umes of alerts, said Trent 
Henry, an analyst at Burton 
Group in Midvale, Utah. 

“False positives aren’t a very 
big issue when you're only 
monitoring,” he said. “But 
there’s going to be a dramati- 
cally higher concern [with 


blocking].” @ 52247 
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Zend aeons Funds 
From Intel, SAP 


Zend Technologies Inc., developer | 


of the open-source PHP Web 
scripting language, has received 
investments from Intel Capital and 
SAP Ventures. Zend will use the 
funds to build an infrastructure 

to support PHP in the enterprise. 
Terms weren't disclosed. 


ROAR SE EN BNE SEES NE EME AIOE 


IBM Buys Service | 
Provider for $182M | 


IBM has agreed to acquire Corio 
Inc., an enterprise application 
services provider, for $182 million 
in cash. IBM said the deal is part 
of an effort to strengthen its 
application services portfolio. 
Corio’s chief executive, George 
Kadifa, will continue to manage 
the Corio unit and will gain re- 
sponsibility for IBM’s application 
services initiative. Corio workers 
will become IBM employees. 


PalmOne CEO to 
Resign Next Month 


Todd Bradley will resign next 
month as CEO at PalmOne Inc. 
but will stay on in a consulting ca- 
pacity until May. Bradley said he 
is leaving to pursue other chal- 
lenges. Bradley was named CEO 
in October 2003, when PalmOne 
spun off Palm OS developer Paim- 
Source Inc. and acquired Hand- 
spring Inc. Ed Colligan, currently 
PalmOne’s president, will become 
the interim CEO. 


Sybase Reports 
Improving Revenue 


Sybase Inc. reported that its rev- 
enue increased during the fourth 
quarter of 2004 compared with 
the year-earlier quarter, while net 
income declined. Sybase credited 
increased demand for mobile and 
data management software for 
the revenue increase. 


SYBASE BY THE NUMBERS 
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HOT TECHNOLOGY TRENDS, NEW PRODUCT 
NEWS AND INDUSTRY GOSSIP BY MARK HALL 


n-Source Gnaws 


Its Way Into. . . 


. .. the heart of Oregon’s economy. And politicians in the 
Beaver State certainly like it. Rob Drake, the mayor 
of Beaverton, Ore., thinks so much of open-source 
software that he helped spearhead the city’s $1.2 mil- 
lion investment in the brand-spanking-new Open 
Technology Business Center (OTBC), which was 
unveiled last week with modest fanfare, including a 
speech from Gov. Ted Kulongoski. The state’s chief 


executive brags that 
the greater Portland 
area is already home 
to Open Source De- 
velopment Labs Inc. 
(OSDL) and a grow- 
ing handful of ven- 
dors that use Linux, 
PHP, MySQL and 
many other freely 
licensed technologies. 
“Our region’s soil is 
rich in open-source 
ingredients,” Kulongoski says, 
adding that he’s “dedicated to 
making open technology a 
key factor in Oregon’s econo- 
my.” Stuart Cohen, OSDL’s 
CEO, points out that Linus 
Torvalds, the inventor of Lin- 
ux and the crown prince of 
the open-source movement, 
now calls Portland his home. 
LaVonne Reiner, executive di- 
rector of the OTBC, says the 
facility will incubate “ven- 
tures in residence,” fund indi- 
vidual research and house the 
Open Technology Executive 


KULONGOSKI 
“Our region’s 
te Mein 
Cy eeumerel ge 
Title a 





Institute. She says the 
latter will be a part- 
nership with a uni- 
versity, which will be 
named within two 
months, to teach an 
open-source curricu- 
lum to business lead- 
ers, consultants and 
lawyers. The OTBC 
has already lured its 
first venture in resi- 
dence. Ryan Lucas, 
CEO of Stunt Computing 
LLC, says his company is 
abandoning Chesapeake, Va., 
for the open-source-friendly 
Pacific Northwest. Lucas is 
mum about what his new 
product will be, saying only 
to expect a bundle of hard- 
ware and software based on 
open-source technology. Not 
everyone is delighted with 
the OTBC, though. Russ 
Walker, northwest director at 
Citizens for a Sound Econo- 
my, an advocacy group affili- 
ated with former Congress- 





men Dick Armey, Jack Kemp 
and other conservative Re- 


| publicans, decries the city’s 


investment in the OTBC. 
“It’s a bad idea to let govern- 
ment choose winners and 
losers in technology. Let the 
market do it,” Walker gripes. 
Some of the folks across the 
border in Redmond, Wash., 
might agree. 


Clusty takes on 

the “big boys”... 

... in the search-engine wars. 
If you’re bewildered by end- 
less lists of unorganized links 
to your search requests, give 
Clusty a shot. It’s the brain- 
child of some brainy Car- 
negie Mellon University 
denizens who founded Pitts- 
burgh-based Vivisimo Inc. 
According to CEO Raul 
Valdes-Perez, the company 
has been shipping its Velocity 
Suite enterprise-class search 
and categorization tools for a 
couple of years to the likes of 
the National Security Agency 
and the Defense Intelligence 
Agency. Now Vivisimo has 

a beta of its search engine 
available at www.clusty.com 
for nonspooks. The speedy 
search tool clusters results 
into numerous categories, 
making it much easier to fer- 
ret out information gems. 
For example, a search on 
“Super Bowl” yields a long 
list, as you’d expect, but also 
more than 10 groupings, such 
as Super Bowl history, betting 
and ads. In addition, Clusty 
includes thumbnail images 
from www.wikipedia.com 
with selected results, which 
breaks up pages and makes 
them easier to read. “It is 


time to move 


away from 
disorganized 
Milliseconds 
etree) 


lists of in- 
complete a 


formation,” 
Valdes-Perez 
Clusty.com 
category- 


says. But can a 

small start-up 

really take on 
aie the likes of 
Google, Ya- 





hoo, Lycos and Ask.com? 


| Certainly, Valdes-Perez 


boasts. Categorization, 

he says, “makes us a full- 
featured alternative to the 
big boys.” 


Control the corporate 
RSS feeding frenzy. . . 


. .. with Enterprise Syndication 


| Server (ESS). Managing inter- 


nal consumption of informa- 
tion based on the Real Simple 
Syndication (RSS) standard 
will get a bit easier later this 
quarter when KnowNow Inc. 
in Sunnyvale, Calif., releases 
its new software. Ron Ras- 
mussen, KnowNow’s vice 
president of product develop- 
ment, claims that by using 
ESS, “IT can control the RSS 
information accessible to 
employees.” That may seem 
Draconian, even un-Ameri- 
can, but he argues that the 
IT infrastructure inside large 
companies can become 
bogged down when thou- 
sands of employees subscribe 
at will to the 
hundreds of Wt 
thousands of 
RSS feeds 
available on- hash rate 
line. Ras- ply 
for RSS 
mussen says Aon ae 
that ESS can  ARieckeda 
be incorporat- 
ed easily into company por- 
tals and that it integrates with 


| Lightweight Directory Access 


Protocol authentication 
schemes, provides auditing 
and logging reports, and cen- 
tralizes control of the RSS 
feeds permitted into net- 
works. Perhaps more intrigu- 
ing to IT developers, ESS 
lets you link corporate appli- 
cations into an RSS feed so 
employees interested in get- 
ting dynamic data, such as 
reports on sales or manufac- 


| turing yields, can subscribe 


to information based on their 
roles. Rasmussen says no 
client code or browser plug- 
ins are necessary. Pricing has 
yet to be determined. 


@ 52193 





What’s the power behind 
the server platform of choice? 


64-bit Intel’ Xeon processors. 


nazing thinas for 


Support for Improved Flexible memory, 
32- and 64-bit power-saving V/O and storage 
applications options configurations 


intel. 
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Grocer Rings Up Savings 
With Linux Cash Registers 


Hannaford nears end of POS project, 





BY THOMAS HOFFMAN 
SCARBOROUGH, MAINE 
ANNAFORD Broth- 
ers Co. has already 
received productiv- 
ity and cost-avoid- 
ance windfalls from an ongo- 
ing point-of-sale system re- 
placement project that will 
cost between $10 million and 
$20 million, executives at the 
grocer said last week. 

The new Linux-based POS 
systems have been installed in 
about two-thirds of the com- 
pany’s 140-plus supermarkets 
in New England and New 
York. Hannaford Bros., a divi- 
sion of Brussels-based Del- 
haize Group, expects to com- 
plete the implementation of 
the thin-client systems by Oc- 
tober, said CIO Bill Homa. The 
systems, which are supported 
by 12 vendors of servers, soft- 
ware, printers and other pe- 
ripheral devices, replace 15- 
year-old Fujitsu Ltd. technolo- 
gy based on OS/2 Version 1.3, 
according to Homa. 

The Fujitsu software is “sol- 
id as a rock,” said Homa. But it 
has limitations because it can 
run only as fast as a 166-MHz 
Pentium processor, he said. 
That plus Fujitsu’s decision to 
halt support for the OS/2- 
based POS system prompted 
the grocery chain to launch a 
replacement strategy in 2001. 


Vendor Support Push 


As part of the move to a thin- 
client architecture, Homa and 
his team hope to eventually 
run all 40 store applications, 
such as its pharmacy and 
video-rental systems, on a sin- 
gle Linux server. Right now, 
those applications run on a 
mix of mainframe, Unix and 
Windows servers with links to 
the Linux terminals installed 
in the stores. 

One of the constraints of the 





server plan, said Homa, is that 
Hannaford must convince its 
retail systems vendors, such as 
PDX Inc., a Fort Worth-based 
maker of pharmacy software, 
to port applications to Linux. 
When Hannaford first be- 
gan evaluating POS systems, 
“we kind of backed into Lin- 
ux,” Homa said. The open- 
source operating system end- 
ed up being the best fit for 
the company’s intelligent POS 
terminal requirements. 
Hannaford executives de- 
cided upfront that in checkout 
lanes they wanted to use so- 
called intelligent terminals 
that don’t require any moving 
parts and don’t need cooling 
fans. After evaluating various 
technologies, the grocer opted 
for POS terminals from Win- 





cor Nixdorf Inc. that can run 
either Linux or Windows and 
POS software from Retalix 
Ltd. that runs on Windows 
servers. Homa said the termi- 
nals can continue running if 
servers go down. 

Other retailers 
have deployed 
Linux-based POS 
systems, although 
adoption is still ex- 
tremely limited, ac- 
cording to analysts. 
In August, Circuit 
City Stores Inc. an- 
nounced plans to mi- 
grate to IBM Sure- 
POS 300 cash regis- 
ters running Linux at 
its 600 stores [QuickLink 
48812]. 

At least one consultant ex- 
pects the Hannaford project to 
be the forerunner of a boom in 
POS system replacement proj- 


ADP Software Glitch 
Hurts Auto Body Shops 


BY MARC L. SONGINI 

ADP Claims Services Group 
has been forced into damage- 
control mode as it promises to 
reimburse some of its auto 
body shop customers for loss- 
es caused by errors in the soft- 
ware application they use to 
estimate car repair costs. 

The Claims Services Group 
acknowledged in November 
that incorrect data was pro- 
grammed into the underlying 
database of its ADP Shoplink 
claims-estimating software as 


| part of the application’s Octo- 


ber iteration. The Claims Ser- 
vices Group is a subsidiary 
of Roseland, N.J.-based Auto- 
matic Data Processing Inc., 
a tax and payroll outsourcing 
company. 

The claims estimating soft- 
ware, which can be run off a 
server or a desktop, relies on 





an ADP database that can sort 
through information such as a 
given vehicle’s make, style and 
year and produce an estimate 
of repair costs. 

Things began going wrong 
last fall, when the faulty data 
was entered into the database, 
which is distributed with the 
application by disk to the auto 
body repair shops that are 
ADP’s clients. 

The company declined to 
comment on the error last 
week. But according to a state- 
ment on its Web site, an inter- 
nal investigation and audit 
prompted by customer com- 
plaints “concluded that 
changes made to [paint] refin- 
ish times on the October CD 
weren't supported by suffi- 
cient industry data as required 
by our operating policies and 
procedures.” 


‘ ; 
HOMA says the new 
system has cut 
cashier training 
Merl 





ects among retailers this year. 
| “For years, we’ve been hearing 


| 
| 
| 
| 
| 
| 
' 


that retailers were going to 
swap out their POS systems. 
This year they’re doing it,” 
said Cathy Hotka, principal at 
Cathy Hotka & Associates, a 
retail IT consultancy 
in Washington. 
Although retailers’ 
existing POS sys- 
tems are reliable and 
have long been com- 
pletely paid for, to- 
day’s systems are 
easy to learn to use, 
offer new features 
and are able to inte- 
grate with systems 
that support retail- 
ers’ customer data mining 
initiatives such as loyalty/ 
rewards programs, Hotka said. 
Homa said it takes just two 
hours to train a cashier to use 
Hannaford’s new Retalix POS 


ADP said it immediately no- 
tified its customers, sent them 
updated CDs via overnight de- 
livery and set up a team of 
customer service specialists to 
handle any related questions. 
In addition, although it denies 
any liability, ADP this month 
detailed on its Web site a poli- 
cy for reimbursing clients. 


Damage Done 

“We need those programs to 
run our businesses,” said 
Charles Bryant, executive di- 
rector of the New Jersey Al- 
liance of Automotive Service 
Providers in Neptune. His or- 
ganization includes some 250 
collision-repair shops that use 
ADP’s application. 

Bryant said it was never 
made clear just what caused 
the glitches, and it required 
“slick people” in the shops to 
find them and notify ADP. 
However, he said, by the time 
ADP acknowledged its errors 
and made corrections, “the 
damage was already done.” 





software, half the time it took 
for the Fujitsu system. Plus, he 
said, cashiers using the Retalix 
system can tender money 20% 
faster than they could with the 
previous system. 

“We’ve been able to reduce 
a significant amount of train- 
ing time with a simpler, user- 
friendly interface instead of 
cashiers having to memorize 
product codes,” said Natasha 
Velasquez, Hannaford’s store- 
line POS support manager, 
who is overseeing the imple- 
mentation of the POS termi- 
nals at the remaining 55 stores. 

The thin-client Linux archi- 
tecture has delivered other 
benefits. Homa estimates that 
it would have been 25% to 30% 
more expensive for Hannaford 
to purchase, install and sup- 
port a POS system that was 
based on Windows or another 
non-open-source platform. 


@ 52237 


The Hannaford Bros. help desk can now 

handle twice as many end-user IT incidents 
with just a modest increase in staff, thanks 
in part to new Peregrine Systems software: 


QuickLink 52236 
www.computerworld.com 


While the reimbursement 
plan is a good start, ADP 
should do more to compensate 
its customers, Bryant said. “It’s 
not a closed issue,” he added. 

ADP client David Rush, 
president of D & M Auto Body 
Inc. in Rockaway, N,J., said the 
October CD generally underes- 
timated normal paint refinish 
times by 12%. He ran the disk 
from early October until Nov. 
26, when the replacement CD 
was issued. Based on an aver- 
age month, his losses amount- 
ed to about $7,440, he said. 

Rush said he doesn’t expect 
to be reimbursed for the loss- 
es because it would take too 
long to do the recalculations 
and rebilling. 

“Most of the jobs have been 
paid for, and you can’t call the 
customer and say, “You paid 
me $500, and it was really 
$550,’” Rush said. “I didn’t 
write it off yet. I’m not sure 
where to turn next. I can’t 
even get an answer as to what 


caused it.” @ 52248 
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Ford, Sprint Agree 
To Wireless Deal 


Ford Motor Co. signed an agree- 
ment with Sprint PCS Group to 
buy wireless communications de- 
vices for 8,000 workers. The de- 
vices will replace office phones to 
provide wireless communications 
using Sprint’s PCS Ready Link 
service. The move comes four 
months after a deal that called for 
SBC Communications Inc. to de- 
sign, install and manage a Cisco 
IP telephony system for 50,000 
Ford users [QuickLink 49615]. 


Microsoft, DOJ to 
Meet on Longhorn 


Microsoft Corp. will meet with of- 
ficials from the U.S. Department 
of Justice next month for the first 
of several briefings intended to 
ensure that its upcoming Win- 
dows operating system, code- 
named Longhorn, complies with 
the final judgment in the antitrust 
case against the software maker, 
according to court papers. Micro- 
soft said complying with the rul- 
ing continues to be a priority. 


SAP Reports Better 


Sales, Net Income 


SAP AG released preliminary fig- 
ures showing that its net income 
for the fourth quarter rose 29% 

compared with a year earlier, on 
revenue that was up 7%. 


SAP BY THE NUMBERS 


“oa Adds to 
Patent Lawsuit 


Rambus Inc. broadened its legal 
battle against the memory indus- 
try, filing patent lawsuits against 
certain manufacturers of chips 
based on the emerging DDR2, or 
Double Data Rate 2, standard. 
The lawsuit against Hynix Semi- 
conductor Inc., Nanya Technology 
Corp., Inotera Memories Inc. and 
Rambus rival Infineon Technolo- 
gies AG claims that the standard 
infringes on Rambus patents. 
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Users Demand Access to BI 


In response, vendors 


| update reporting, 


OLAP software 


BY HEATHER HAVENSTEIN 
OME COMPANIES look- 
ing to deliver business 
intelligence software to 
growing numbers of 

end users are re-evaluating 

their mix of analysis and re- 
porting tools in an effort to 
improve scalability and per- 
formance. 

And vendors are responding 
to those concerns by updating 
reporting tools with stronger 
and more flexible data analy- 
sis capabilities and by boost- 
ing the performance of online 
analytical processing tools. 

Not waiting for improved 
OLAP systems, the Ministry of 
Tourism in the Bahamas is in 
the first phase of a project 
scheduled to be completed lat- 
er this year in which it will 
roll out Actuate Corp.’s enter- 
prise reporting tool set to 
more than 400 users at hotels 
and regional tourist boards to 
boost its marketing efforts. 

Previously, the ministry 
used an OLAP tool from Cog- 
nos Inc. without its reporting 
tool. The Cognos tool worked 
for the 25 users within the 
ministry itself but wouldn’t 
have sufficed for the expanded 
project, said Jo Ram, chief op- 
erating officer at Actuate re- 
seller Indusa Global in Mon- 
tego Bay, Jamaica. 

Users of tools from South 
San Francisco, Calif.-based Ac- 
tuate will be able to view re- 
ports and drill down into them 
to get more information and 
do more of their own analysis, 


| said Vincent Vanderpool- 
| Wallace, the tourism min- 
| istry’s director general. 


Actuate allows companies 
to scale to large numbers of 
users because of its “bursting” 
technology. It controls user 
access to individual pages of a 
report based on preset para- 
meters on what a user can see 
instead of creating a report 
for each user, said Kevin 
McDearis, vice president of 





data and delivery at Check- 
Free Corp., an electronic bill 
payment and banking services 
firm in Norcross, Ga. That fea- 
ture is a key reason why Check- 
Free stuck with Actuate fol- 
lowing a recent re-evaluation 
of its needs, McDearis said. 

Scalability is also an issue 
for enterprises using home- 
grown reporting mechanisms. 
Basic American Foods Inc. in 
Walnut Creek, Calif., struggled 
with data integration and in- 
tegrity issues while using Mi- 
crosoft Excel spreadsheets for 
more than 100 users at multi- 
ple plant sites to maintain 
budget data, said Sally Smedal, 
Basic American’s treasurer 
and controller. “As we have 
grown, certainly that product 
is not scalable,” she said. 

By using reporting tools 
from Hyperion Solutions 
Corp. and doing away with 
spreadsheets, the company 
last year reduced budget 
preparation time by more than 
half while improving data in- 
tegrity, Smedal said. 

Traditional reporting ven- 
dors like Actuate, Information 
Builders Inc. and Business Ob- 
jects SA, with its acquired 
Crystal Decisions tool, are 





Different Paths 


“basking in the scalability 
wars” as user companies look 
to bring BI to the masses, said 
Wayne Eckerson, director of 
research at The Data Ware- 
housing Institute in Seattle. 
From the start, enterprise 
reporting tools have been de- 
signed to provide reports to 


large volumes of users in serv- 


er-based processing environ- 
ments, Eckerson said. In con- 
trast, OLAP tools were de- 





oe for more complex 
fences for high-end power 
users and require significantly 
more processing power. 

Vendors in both camps are 
revamping their offerings to 
meet the demands of more 
users, with reporting vendors 
adding some OLAP-like capa- 
bilities for slicing and dicing 
data and OLAP vendors 
speeding up their analytics, 
Eckerson added. 

For example, the latest ver- 
sion of Hyperion’s Essbase 
OLAP tool, launched in Octo- 
ber, “blows the socks off” 
OLAP scalability, Eckerson 
said. And MicroStrategy Inc., a 
longtime player in the OLAP 
world, added enterprise re- 
porting to its product lineup 
late in 2003. This week, the 
company will add embedded 
OLAP into enterprise reports 
and allow users to define and 
refine reports over the Web. 
@ 52216 


Bi FOR THE MASSES 


As the power of data analysis is placed in 
the hands of everyday workers, will the 
benefits of increased productivity and 
customer satisfaction outweigh the risks of 
misinterpreted data? 
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MicroStrategy Designs New BI Tools for Nontechie Users 


MICROSTRATEGY INC. this 
week will unveil a new version of 
its business intelligence tool set 
that combines reporting, analy- 
sis and periormance monitoring 
ona single platform. 

Dubbed MicroStrategy 8, the 
new platform is designed to ex- 
tend its capabilities to more en- 
terprise users while lessening 
the demand on IT shops, said 
Sanju Bansal, chief operating 
officer at McLean, Va.-based 
MicroStrategy. 

The new version can provide 
a rough report that “users can 
tune to their exact needs” if they 
know how to use programs like 
Microsoft PowerPoint or Excel, 
Bansal said. 

A new Web interface allows 
end users to design and refine 


their own reports over the Web, 
he added. Also new in Version 8 
is support for joining data from 
data warehouses, data marts, 
operational systems and an SAP 
data warehouse into a single 
document, he added. 

With MicroStrategy 8, more 
than 700 state government users 
in Tennessee will have increased 
flexibility for their data analysis, 
said Sherrie Benn, a business in- 
telligence consultant in the 
state's Office of Information Re- 
sources. Benn’s operation is a 
beta-test site for the software. 

Using Version 7.5.3, Ten- 
nessee financial and human ser- 
vices department personnel can 
access only a PDF version of re- 
ports, said Benn. With the new 
version, “they won't have to de- 


pend on anyone else for their re- 
ports,” she said. 

Tying together reporting and 
analysis in one interface can 
provide significant benefits to 
users, said Dan Vesset, an ana- 
lyst at IDC. “If you want to cus- 
tomize a report, you can do it in 
the same interface. You don't 
have to open a new develop- 
ment interface,” Vesset said. 

While the new version does 
allow users to pull data from 
SAP AG's Business Warehouse, 
MicroStrategy should consider 
integrating its tools with other 
OLAP sources, such as Micro- 
soft Analysis Services, Vesset 
added. 

The tool set will be generally 
available Feb. 4. 

~ Heather Havenstein 
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France Telecom Plans 
To Rescue Ailing Equant 


PARIS 

RANCE TELECOM SA last week 
F = it has agreed to pay about 

564 million euros ($736 million 
U.S.) in cash for the 45.8% of global 
network operator Equant NV that it 
doesn’t already own. The deal also 
would give Equant, which has posted 
losses for the past eight years, a $250 
million loan to help it survive what’s 
expected to be a very difficult year. 

Amsterdam-based Equant provides 
data communications services to com- 
panies in 220 countries and territories. 
Paris-based France Telecom expects 
that it will take at least until May to 
complete the deal. 

The buyout would enable France 
Telecom to speed up its strategy of 
providing an integrated 
line of communications 
services, the company 
said. Last year, France 
Telecom bought back all 
the shares in its Wanadoo 
Internet access division 
and its Orange SA mobile 
phone subsidiary. 

The deal comes a 
month after Equant ap- 





GLOBAL FACT 


PS TCU meal oe 
tops left in London taxis 
TRUCE aU Ue 


An International 
IT News Digest 


pointed CEO Charles Dehelly, who is 
the second chief executive brought in 


| during the past 18 months to attempt a 


financial turnaround. 
@ PETER SAYER, IDG NEWS SERVICE 


Philippine Tax Agency 
Tries Mobile Commerce 


MANILA 
HE PHILIPPINE BUREAU Of Internal 
Treen (BIR) this month will de- 
ploy an electronic payment sys- 
tem that lets business owners pay their 
500-peso ($9 U.S.) annual registration 
tax using their cell phone keypads. 

The system uses the G-Cash service 
offered by Globe Telecom Inc., a 
Philippine vendor headquartered in 
Mandaluyong City. The goal is to make 
paying more convenient, since only 
70% to 80% of the country’s more than 
500,000 registered busi- 
ness establishments pay 
their registration taxes 
on time, said BIR deputy 
commissioner Lilia 
Guillermo. 

Business owners will 
be able to register with 
G-Cash and load at least 
500 pesos into electronic 
wallets managed by the 





Manila-based Land Bank of the Philip- 
pines. Once their accounts are set up, 
business owners can enter the amount 
to be paid, a personal identification 
number, some BIR office codes and the 
registered company name into their 
cell phones. They can then send the 
data to a special BIR phone number. 

@ GRACE S. CLAVECILLA, 


| COMPUTERWORLD PHILIPPINES 


Consumer Privacy Grou 
Boyotts Tesco Over RFI 
N INTERNATIONAL consumer pri- 
A‘ group last week launched a 
boycott of U.K.-based retailer 
Tesco PLC over its increasing use of 
radio frequency identification tags on 
individual products, such as DVDs 
[QuickLink 52097]. The group, called 
Consumers Against Supermarket Pri- 
vacy Invasion and Numbering, said 


| Tesco’s plan carries the unacceptable 


risk that “more people will be taking 
home items containing spychips.” That 
word is used by some critics of RFID 
tags to describe the devices. 
“Suggestions that Tesco might use 
this technology to track products once 


| they have been purchased, thereby 


invading customers’ privacy, are sim- 
ply wrong. In fact, it would be illegal 
in Europe,” a Tesco spokeswoman 
told the British Broadcasting Corp. 
@ 52194 


Compiled by Mitch Betts. 





Briefly Noted 


The Hong Kong government has 
named Howard C. Dickson to re- 
place Allan Wong as its CIO, effec- 
tive Feb. 1. Dickson was previously 
Canada’s assistant deputy minister 
for information management and, 
before that, CIO at the Department 
of National Defence and Canadian 
Forces. 

@ CHEE SING CHAN, COMPUTER- 
WORLD HONG KONG ONLINE 


Microsoft Corp. is urging Zambia’s 
government to speed up enactment 
of an IT policy that will enable pros- 
ecution of software pirates. The 
African country currently has a law 
against music piracy but not soft- 
ware piracy. 

@ MICHAEL MALAKATA, 

IDG NEWS SERVICE 


The Dow Chemical Co. in Midland, 
Mich., said last week that it plans to 
open a new research and IT center 
in China. The IT portion of the cen- 
ter will open within 12 months and 
provide systems support for Dow’s 
global operations, ClO Dave Kepler 
said in a press release. 


Continued from page 1 


Oracle, and one is simply wary 
about the changes in general. 
The rest said they have been 
unaffected so far. 

The loss of long-time Peo- 
pleSoft staffers was the most 
serious problem the users had 
encountered. 

“We’ve found that the more 
our representative knows 
about us and the applications 
we are utilizing, the better the 
rep has served us,” said Dave 
Richards, CIO and treasurer at 
Great Falls, Mont.-based Pacif- 
ic Steel and Recycling Inc. 

The company runs People- 
Soft’s EnterpriseOne ERP soft- 
ware and has just lost its ac- 
count rep — someone who 
had spent time at Pacific 
Steel’s headquarters to learn 
about the business and the 


| software used, Richards said. 


“When a new rep comes in, 
we will have to start this proc- 
ess all over.” 


Facing Disruption 

Richards isn’t the only one 
facing disruption. After it lost 
a key PeopleSoft marketing 
representative at the same 
time that top PeopleSoft exec- 
utives left, Palmer, Alaska- 
based Matanuska Telephone 
Association Inc. put a planned 
upgrade from PeopleSoft 
World to EnterpriseOne on 
hold, said business systems 
analyst Gary Riley. 

The company is now “wait- 
ing for the smoke to clear and 
our executives to have a better 
comfort level,” he said. “We 
are waiting when we need to 
be moving forward.” 

Other customers said that 
their future with Oracle re- 





mains in question. 





Agri Beef Co. in Boise, Ida- 
ho, hasn’t had much communi- 


| cation with Oracle during the 


past month, aside from a se- 
ries of e-mails announcing 
“another farewell from anoth- 
er PeopleSoft friend,” said 
Casey McMullen, director of 
information systems. “My in- 
box is full of ‘Farewell, it’s been 
nice working with you’ e-mails.” 
The beef supplier runs 
Enterprise financial applica- 
tions, and McMullen said 
PeopleSoft had sent a team 
in to study his business be- 


a We are wait- 
ing when we 
need to be moving 


GARY RILEY, BUSINESS SYSTEMS 
ANALYST, ATANUSKA TELEPHONE 
ASSOCIATION 


| fore that implementation. 

“Those people worked 
shoulder to shoulder with 
us, above and beyond the 
call of duty to forge a long- 
lasting business relationship,” 
he said. “Now those people 
are pretty much gone.” Mc- 
Mullen said he isn’t sure 
whether he will continue 
using Oracle to support his 
applications. 

Oracle officials declined to 
comment for this story, point- 
ing to public statements the 
company has already made 
about the layoffs. 

The decimation of People- 
Soft’s upper echelon has been 
something of an issue at Den- 
ver-based staffing company 
Remy Corp., a PeopleSoft En- 
terprise customer. 

The departure of such high- 
ly placed PeopleSoft execu- 
tives as President Phil Wilm- 
ington and Chief Financial Of- 








ficer Kevin Parker has led to 
“a little bit of worry,” said An- 
drew Albarelle, principal exec- 
utive officer at Remy. 

Albarelle, who is generally 
upbeat about the merger, is 
waiting to be assigned a new 
high-level executive sponsor 
from Oracle — something he 
expects to happen in the next 
month. 

That customers are already 
feeling the pain of a personnel 
transition is no surprise, said 
David Dobrin, an analyst at 
Cambridge, Mass.-based con- 
sultancy B2B Analysts Inc. 

With the layoffs of an esti- 
mated 52% of PeopleSoft’s 
employees — many of them 
with customer-facing jobs in 
consulting or presales — 
Dobrin said he doesn’t know 
whether Oracle can deliver 
on the promises of continued 
support to its new installed 


base. @ 52241 
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Major Vendors Join to Support 
Open-Source Grid Development 


Ultimate benefits 
will depend on 
deliverables, say 
users and analysts 


BY PATRICK THIBODEAU 
A decision by major enter- 
prise vendors last week to put 
money and technical support 
behind open-source grid de- 
velopment was cautiously 
welcomed by users and ana- 
lysts. Most of those inter- 
viewed said they will hold 
their applause until they see 
some results. 

IBM, Sun Microsystems 
Inc., Hewlett-Packard Co. and 
Intel Corp. formed the Globus 
Consortium to jointly work to 
improve the Globus Toolkit, 
the open-source development 
project of the Chicago-based 
Globus Alliance. The compa- 
nies’ aim is to improve the tool 
kit’s code and readiness for 
commercial adoption, an ef- 


Continued from page 1 


Disk Drives 


the needed drives are on back 
order [QuickLink 52098]. 

A draft report issued last 
week by IDC said that in last 
year’s fourth quarter, the de- 
mand for enterprise-class hard 
drives exceeded supply by 
nearly 7%, or about 400,000 
drives. IDC said the shortfall 
was due to a combination of 
the product transition cited by 
Clarke and an increase in pur- 
chases by hardware vendors. 

“The resulting allocation 
conditions were not unexpect- 
ed but are deeper, more broad 
and more prolonged than orig- 
inally forecast,” the Framing- 
ham, Mass.-based company 
said in its report. 

An investigation by IDC re- 
vealed delays in server ship- 
ments by all the major system 
vendors except Dell Inc., 
which told both IDC and Com- 
puterworld that it hasn’t been 





fort the tool kit’s developers 
say is needed. 

Getting the four companies 
involved in the project “is 


good, as long as they adhere to | 
| in Argonne, IIl., and who led 


the open-source mentality,” 
said Ian Penny, who is respon- 
sible for data center technolo- 
gy development at New York- 
based pharmaceutical maker 
Pfizer Inc. “It will encourage 
users to adopt it as a stan- 
dards-based platform.” Pfizer 
uses grid computing in drug 
research, and Penny has been 
active in the Globus Alliance. 


Initial Optimism 
“My first impression is that 
[the new industry group] is 
probably a good thing,” said 
Bill Olson, vice president of 
engineering at Iron Mountain 
Inc. “The more stable [the 
Globus Toolkit] is, the more 
attractive it becomes.” 

Iron Mountain, a Boston- 
based data-protection firm 
that uses grid technology in 


2 Os as 


The resulting 

allocation condi- 
ISM IR Sat laUesy | 
were not unexpected 
but are deeper, more 
broad and more pro- 
longed than originally 
Le) grt 


affected. The delays primarily 
involve higher-end drives, 
specifically 15,000-rpm mod- 
els with 73GB and 146GB ca- 
pacities, IDC said. 

On average, the standard 
shipment time for an enter- 
prise server is one week, ac- 
cording to IDC. “That has 
been extended to two to three 
weeks average because of 
this,” said John Buttress, an 
analyst at IDC. “Obviously, if 
it’s an average of two to three 
weeks, some shipments are 
taking longer than that.” 








| its database management, is 


interested in using the tool kit. 
Ian Foster, who heads the 

distributed systems lab at 

Argonne National Laboratory 


the team that developed the 
Globus Toolkit, said the ven- 
dors “want to see the software 
move forward faster than what 
is possible by volunteers.” 

Foster is also a founder of 
Elmhurst, Il.-based Univa 
Corp., which was formed last 
year to develop products and 
services based on the Globus 
open-source standards. Univa 
is also a member of the 
Globus Consortium. 

The consortium’s “goal is to 
proactively address the issue 
of grid computing in enter- 
prises,” said Greg Nawrocki, 
who will lead the industry 
group. “Our belief is that 
open-source is the key to 
grid in the enterprise.” 

Initially, the consortium 
will develop a priority bug- 


For users, “avoiding prob- 
lems posed by product short- 
ages takes homework, includ- 
ing analysis of commodity 
markets — the raw products 
that make up disk drives,” said 
Gerry Bundle, purchasing 
manager at San Jose-based 
Calpine Corp., which operates 
power plants in 21 states. 

Vendors regularly conduct 
such analyses, but whether 
they’re willing to share their 
supply forecasts depends on 
the relationships they have 
with users, Bundle said. Com- 
panies that don’t have clout 
with a vendor or the resources 
to do their own market analy- 
sis work may be at the mercy 
of their suppliers, he warned. 

But if a company is in deep 
with a vendor and is buying 
systems, services and support, 
“jt’s a key requirement that all 
the critical information be 
shared,” Bundle said. “You 
have to try to leverage their ex- 
pertise and, frankly, request it.” 

EMC’s leading disk supplier, 





Major Grid 
roups 


GLOBUS ALLIANCE: Developer 
of the Globus Toolkit, an open- 
source, open-standards-based 
technology for grid resource mon- 
itoring, discovery, security, and 
operations and file management. 


GLOBUS CONSORTIUM: A 
newly formed industry group 
to support Globus Toolkit. 


GLOBAL GRID FORUM: The 
leading grid standards group and 
developer of the Open Grid Ser- 
vices Architecture. 


ENTERPRISE GRID ALLIANCE: 
An industry group focused on 
enterprise grid adoption that’s 
working on problems such as 
provisioning large enterprise data 
files and databases. Oracle Corp. 
is one of its members. 


fixing scheme for the tool kit, 
and other development efforts 
will be detailed later. Nawroc- 
ki coordinated Globus Toolkit- 
based application projects at 


| Argonne National Laboratory. 


Seagate Technology LLC, is 
among the companies that are 
going through product transi- 
tions, and Tucci acknowl- 
edged that there is “probably a 
shortage of what the industry 
will demand out there in 
terms of disk drives” based 
on Fibre Channel technology. 
EMC has been able to work 
around that problem in terms 
of shipments to users, he said. 

But Tucci noted that disk 
drive makers “don’t exactly 
have a lot of reasons right 
now to continue to drop their 
costs.” That’s putting pressure 
on EMC because users contin- 
ue to demand lower prices on 
its disk arrays, he said. 

David Szabados, a spokes- 
man for Scotts Valley, Calif.- 
based Seagate, said a shift in 
IT purchasing by users from 
“maintenance-only mode” to 
spending on new projects has 
also led to demand for enter- 
prise-class drives that’s higher 
than vendors forecast. 

Joel Hagberg, vice president 
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He’s currently on extended 
leave from the lab to head the 
consortium. 

Jonathan Eunice, an analyst 
at Illuminata Inc. in Nashua, 
N.H., said users can welcome 
the arrival of the Globus Con- 


| sortium while remaining skep- 


tical of its ultimate plans. 
“There is no reason not to 
welcome an organization that 
is committed to further devel- 
oping standards and further 
building enterprise computing 
atop vibrant standards and 
compatible implementations,” 
said Eunice. However, he 
added, “the proof is in the 
pudding.” Users should judge 
the group on the results of its 
efforts rather than rejoice at 
its formation, Eunice said. 
William Fellows, an analyst 
at The 451 Group in New York, 
said the consortium might 
strengthen Globus as well as 
its open-source efforts. 
Fellows said that grid users 
see “a need for a single set of 
grid standards, not multiple 
standards or stacks; common 
APIs for developers to write 
to; [and] standard ways of 
getting data into and out of 


| grids.” @ 52212 


of marketing and business de- 
velopment at disk drive maker 
Fujitsu Computer Products 

of America Inc. in San Jose, 
agreed that demand is grow- 
ing robustly at the same time 
that vendors like Fujitsu are 


| moving to new products. 


The shortage will continue 
well into 2005, Hagberg pre- 
dicted. “But we’re executing 
well in terms of qualifying our 
new products and pushing to 
improve supply to meet the 
increased demand,” he said. 


52223 


Correction 


A STORY IN the Jan. 17 issue's 
Knowledge Center section (“Call 
Centers Put on Speed Dial”) incor- 
rectly reported that Magellan 
Health Services Inc. had already 
gained the benefit of using a voice- 
over-IP network to balance call 
workloads among the clinicians in 
its 22 call centers nationwide. That 
benefit has yet to be realized. 
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IBM Tones Down Linux Desktop Plan 


BY ROBERT McMILLAN 
More than a year after IBM 
Chairman and CEO Sam 
Palmisano challenged his 
company to move to the Linux 
desktop by the end of 2005, 
IBM has significantly toned 
down its rhetoric on the sub- 
ject of open-source clients. 

“We don’t have anything we 
want to say that’s definitive,” 
said Nancy Kaplan, an IBM 
spokeswoman. She declined to 
comment on specifics of the 
Linux rollout. “There are peo- 
ple using Linux, and nobody is 
telling them to stop,” she said. 

IBM’s Linux migration plans 
were made public in January 
2004, just months after CIO 
Bob Greenberg formed the 
Open Desktop Project to facil- 
itate the migration effort. 

“Our chairman has chal- 
lenged the IT organization, 
and indeed all of IBM, to move 
to a Linux-based desktop by 
the end of 2005,” Greenberg 
wrote in a November 2003 
memo. “This means replacing 
productivity, Web access and 
viewing tools with open-stan- 
dards-based equivalents.” 

IBM executives said at the 
time that there were about 
15,000 Linux desktops within 
the company and predicted 
that it would have 40,000 to 
60,000 desktops in operation 
by the end of last year. Kaplan 
declined to say whether that 
goal has been met. “I don’t 
know if there was ever a goal 
of 40,000 users,” she said. 
“There’s nothing mysterious 
about it; we’re using Linux.” 

Some IBM users say that 
many employees using Linux 
Web applications that require 
the open-source Mozilla 
browser aren’t getting ade- 
quate support because the in- 
ternal help desk supports only 
the Windows-based Internet 
Explorer browser. 

According to one IBM em- 
ployee, who asked not to be 
identified, the company has 
created a Linux version of its 
standard desktop client, called 
Client for eBusiness, that in- 
cludes the OpenOffice.org 
productivity suite, a Lotus 
Notes client running under 


| Wine Windows-emulation 
| software and the Mozilla 


| 
| 
| 
| t 


| slowing its spread, he said. 


| to discuss 


Linux proble 


IBM volunteers have set up 
| browser. The support problem | an Internet relay chat channel 
| and other issues appear to be 


formal help desk support is 
vital. “If you don’t use Internet 
Explorer, you might not get 


| very far with them helping 


you with the problem,” said 


| another IBM staffer. 


The majority of IBM’s Linux 
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users to date are technical 
users who can support them 


selves, sources said. @ 52188 


Peter Sayer contributed to this 
report. He and McMillan write 
for the IDG Ne 


BMC SOFTWARE AND ITS REMEDY SOLUTIONS. 
MANAGE IT CHANGE. MANAGE THE BUSINESS. 
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DON TENNANT 


Disquiet. Period. 


HANK YOU, HEWLETT-PACKARD. Your | 


assistance in making me look like a 
bonehead is very much appreciated. But 
for future reference, I’ve found that I 
can do that very easily all by myself. I 


don’t need your help. 


If you read Patrick Thi- 
bodeau’s excellent story 
in last week’s issue titled 
“Disk-Drive Demand May 
Be Slowing Some Server 
Shipments” [QuickLink 
52098], and you're a regu- 
lar reader of this column, 
you probably know what 
I’m talking about. Back in 
September, I devoted this 
entire precious space to 
gushing over HP and how 
impressed I was with its 
candor following that high-profile 
ERP migration disaster. You know, 
the one that contributed to a quar- 
terly financial miss that cost three 
HP executives their jobs and delayed 
shipments of Intel-based servers 
{QuickLink 49607]. 

HP faced that shipment problem 
head-on, and Gilles Bouchard, the 
company’s executive vice president 
of global operations and CIO, went 
out of his way to share the lessons he 
learned from the whole mess with 
other IT professionals. No denials, no 
skirting the issue, no “no comment” 
cop-outs. It was a terrific example of 
how this sort of unpleasantness 
needs to be handled to ensure that 
the interests of users are best served. 

That’s why HP’s response to our 
inquiries about word of a more re- 
cent problem was so disappointing. 
As we reported last week, an IT di- 
rector in Maryland informed us that 
he had been told by HP that it would 
take more than six weeks to deliver 
two ProLiant servers because of a 
shortage of hard drives. Yet when we 
went through HP’s PR channel to 
find out what was going on, we got a 
troubling response. HP declined to 





discuss the matter, citing 
the fact that it was ina 
“quiet period” prior to 
the release of its most re- 
cent financial results. 


That’s nonsense. With- | 


out identifying ourselves 
as being from Computer- 
world, we called HP cus- 
tomer service to inquire 
about the availability of a 
ProLiant server like the 
ones the IT director in 
Maryland had ordered. 


And sure enough, we were told there 


was a seven-week back order for the 


| hard drive in that model due to “an 
| industrywide shortage. 


So let’s get this straight: HP cus- 
tomer service is free to inform any- 
one who picks up the phone to place 
an order that a shortage of certain 
hard drives is delaying the shipment 


of ProLiant servers equipped with 





those drives. Meanwhile, HP’s PR ma- | 


chine is telling the press that the com- 
pany can’t say anything on the subject 


| because it’s in a quiet period. We 


seem to have a little disconnect here. 
Actually, what we have is the un- 
fortunate circumstance of HP using 


| the quiet-period excuse to avoid ad- 
dressing an uncomfortable issue. HP 
| went through hell last August and 


September to overcome the server 


| shipment problems caused by that 


botched ERP migration. The last 


| thing it needs now is a bunch of jour- 


nalists asking about more delays. 
Come on, HP. We didn’t ask about 


| your financial projections. We didn’t 
| ask about whether you’re planning 
| any acquisitions. We didn’t ask about | 
| layoffs or resource allocations or the 
| status of your executives. We asked 
| about whether your users can get a 
| ProLiant server with a certain hard 
drive. Hiding behind the quiet-period | 


screen makes you look even more 


| foolish than it does those of us who 

| have commended you for your trans- 
| parency. And that’s likely to be dis- 

| quieting for your users. @ 52181 
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DAVID MOSCHELLA 


CES Shows 
Consumers 
In Charge 


IKE MANY OF YOU, I’ve 

attended more Comdex 

trade shows than were 
probably necessary. And, like 
many of you, until a few weeks ago, I'd 
never traveled to Las Vegas to check 
out the annual Consumer Electronics 
Show. While the CES has become in- 
creasingly tempting in recent years, it 
always seemed too far removed from 
the “real” issues to be justifiable for 
those of us focused on enterprise 
computing. 

Perhaps I was wrong all along, but I 
got more out of this year’s CES than I 
would have imagined. There’s no bet- 
ter place to see how the energies of the 
IT business have shifted away from 
corporate IT and why the consumer 
market has become 
the main focus of 
computer industry 
innovation. Comdex 
is struggling to sur- 
vive, and the CES is 
now the main speak- 
ing platform for IT 
leaders such as Bill 
Gates, Craig Barrett 
and Carly Fiorina — 
even if they did look 
painfully out of place 
yukking it up with 
Conan O’Brien, 
Steven Tyler and 
Vanessa Carlton. 

Looking back, it’s easy enough to un- 
derstand why this shift occurred. Word 
processing, spreadsheets and databas- 
es are fundamentally much easier for 
computers to handle than audio and 
video. Thus, the computers and net- 
works of the 1980s and ’90s could ef- 
fectively manipulate business informa- 
tion, but handling sound and images 
required improvements in storage, 
processors and networks. Contrary to 
our enterprise instincts, consumer ap- 
plications are in many ways the high 
end of the IT marketplace today. 

The consumer market is only now 
reaching its takeoff period, equivalent 
to the early stages of the business PC 
market. Things such as MP3 players, 
digital recorders, integrated PC/ 
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stereo/TV systems, digital cameras, 
large displays, Bluetooth headsets, 
portable game players and all of the 
supporting networks and software 
should be seen as the driving applica- 
tions of this new phase of IT industry 
expansion. Each capability opens up 
whole new fields of opportunity. 

An important consequence of this is 
that the technologies consumers use at 
home will evolve more quickly and in 
many ways will surpass those used in 
the office. It’s easy to imagine that 
knowledge workers of the not-too- 
distant future might well prefer to 
work in a home office that features a 
large plasma screen, voice and video 
instant messaging, free long-distance 
voice-over-IP telephony, a 40Mbit/sec. 
Internet connection, surround-sound 
audio, and a wireless LAN that works 
in the kitchen, on the sofa or in the 
backyard. Who could blame them, es- 
pecially when company offices in- 
creasingly feature ever more anony- 
mous and dreary cubicles? 

These changes in the balance of IT 
industry leadership will present many 
challenges for corporate IT, as well as 
opportunities. Perhaps the biggest op- 
portunity stems from the fact that em- 
ployees are now willing to spend their 
own money on this stuff. Their IT bud- 
gets will certainly continue to grow 
much faster than yours. 

Surely, IT organizations should try to 
find ways to support company employ- 
ees as they invest in and expand the IT 
infrastructure of the future. Think se- 
curity, firewalls, antispyware and back- 
up systems. Increasingly, every home 
will become its own little IT operation, 
and IT organizations are well posi- 
tioned to steer these efforts toward 
things that benefit both employees and 
the companies they serve. @ 52082 


PIMM FOX 


Hazardous 
Rail Problem 


Can Be Fixed 


HE BUSH administra- 

tion, we all know, has 

deemed it necessary to 
fight terrorism by invading 
Iraq, deposing Saddam Hussein and 
hunting for his weapons of mass de- 
struction. The wisdom of all this is 
endlessly debated, but the fact is that 


terrorists could find a cor- 
nucopia of dangerous mate- 
rials right in America’s city 
centers. 

Just check out your local 
rail yard. Shipments of dan- 
gerous chemicals routinely 
pass through major U.S. 
cities unnoticed, unguarded 
and undocumented. 

Mayors of major cities 
have been lobbying the 
White House for at least 
three years to require rail- 
road companies to inform local gov 
ernments of any hazardous materi 
shipments that travel through their re- 
gions. The White House’s answer has 
been either to make no comment or to 
give only a fuzzy response that doesn’t 
address the real concerns of these 
elected officials. 

Chlorine, which is routinely trans- 
ported in railroad tank cars, is one of 
the most toxic chemicals on earth and 
is a hazard to people and the environ- 
ment. Accidental derailments involving 


chlorine-laden rail cars are extremely 
dangerous, capable of killing anyone in 


the area. Deliberate derailments de- 
signed to maximize casualties in heavi- 
ly populated neighborhoods could be 
worse. The railroad companies’ stance 
is that ignorance is preferable to knowl- 


PiMM Fox is a London- 
based journalist. 
Contact him at 
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edge; they say that giving 
information about their 
shipments to local officials 
would tip off terrorists. 

How difficult would it be 
to put together a system to 
track and monitor the 
movements and inv entory 
of hazardous materials? 
The U.S. Department of 
Homeland Security is ide 
ally situated to do this. It 
could take a lesson from 
state governments, which 
seem to have little trouble tracking ve 
hicles when they go through toll- 
booths. That same simple technology 
could help local governments keep 
tabs on rail cars that they’ve been told 
contain hazardous materials. 

But such a project would require 
money (the fiscal 2005 budget for the 
agency is actually lower than it was in 
2004) and action. At the annual U.S. 
Conference of Mayors confab in Wash- 
ington just before the Bush inaugura- 
tion, the mayors decried the reduction 
in funds for homeland security. 

The new budget calls for $1.1 billion 
to go to first-responder grants, com- 
pared with $1.7 billion in fiscal 2004. 
Homeland security grants for fire- 
fighting and law enforcement have 
also been cut, as have the monies for 
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urban search and rescue operations. 
To be fair, there is mere money 
available this year for ba, 
ing and transit security. And the new 
spending bill no longer requires that 
cities spend the money they receive 
for homeland security within three 
days of receipt. 
But informing community leaders 


when toxic materials are transported 


{or ina city 
tunnel seems like a no-brainer, despite 
the concern expressed by the railroad 
companies. Most rail yards are enly 
lightly policed, and railroad companies 
are supposed to let local governments 
know if they’re storing toxic chemicals 
overnight. So why doesn’t the White 
House weigh in and support the may 
ors on an issue of local security? 

Chere is a low-cost solution to this 
problem, and the fact is that the popu 
lation is better off when municipal 
governments know the terrorist risk 
factors within their jurisdictions. But 
instead, tanker rail cars continue to 
make their way through highly popu 
lated areas, and local governments 


haven't got a clue. @ 52142 
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Readers Raise Objections to Outsourcing 


*M BUMMED that Don Tennant 

doesn't understand the nature of 
the H-1B visa [“A Thanksgiving Re- 
buttal,” QuickLink 51029]. If it truly 
were about hiring qualified workers 
rather than flooding the market with 
cheap labor, it wouldn't be written 


power of a feudal lord. I’m bummed 


that Tennant chooses to present the | 


concerns of American workers as 
xenophobia. Who's going to pursue 
a career in engineering if they can 
be replaced by a serf? And finally, 
I'm bummed that Tennant chooses 
to ignore widespread unemploy- 
ment in tech. | wish this were a sim- 
ple competition based on qualifica- 
tions and experience, but jobs are 
leaving this country in pursuit of 
lower salaries, not better skills. 
Mike Gollub 


Mountain View, Calif. 


OBJECT TO Don Tennant’s sug- 
gestion that jobs should go “to 


| the best candidate, regardless of 
nationality.” The U.S. economy is 
the property of the American people | 
| and exists for their benefit, not for 


the benefit of the whole world 


| lan Fletcher 
| American Engineering 
to give the sponsoring employer the | 


Association, Washington 


ON TENNANT overlooks that 

H-1Bs aren't always the most 
qualified; employers often force 
qualified Americans to train the 
H-1Bs before firing them. He over- 
looks that the majority of positions 
filled by H-1Bs could easily be filled 
by U.S. workers. He overlooks that 


| flooding 85,000 workers per year 

| into a stagnant job market will 

| cause qualified U.S. workers to be 

| displaced. He offers no explanation 
| of why the free market within the 

| U.S. cannot supply enough U.S. 


tech workers without immigration. 
He overlooks that the CEO of HP 


lobbied for an increase of the H-1B 


| cap evenas she was filing an SEC 

| notice of layoffs. The Programmers 

Guild advocates that H-1B visas be 

| granted only after a job is adver- 
tised and an attempt is made to fill it 

| witha U.S. worker. Why would 
Computerworld oppose that? 

| Kim Berry 

| President, Programmers 

| Guild, Sacramento 


Spreadsheet Utility 
| “The article “Compliance Pres- 
sures Prod IT to Limit Use of 
| Spreadsheets” [QuickLink 51389] is 
missing an important point. One of 
| the most significant reasons why 
people use spreadsheets to analyze 
| financial or operating data is that 
| the underlying databases contain 
| known errors. Why? Because the 
| database keepers periodically lock 
| the data and then publish the re- 


sults, correcting any known errors in 


| later periods. 
For many people trying to run 
their businesses in real time, the 


| bad data is unacceptable. So they 


make corrections to get the true 


| picture of what is actually happen- 


ing at a detailed level. The small 


| errors are not significant from the 
| big-picture point of view, but they 
| are critical from a daily operating 


perspective. Until someone can fig- 
ure out how to allow the official and 
the “corrected” databases to coex- 
ist, spreadsheets will be with us. 


| Chip Ellis 


Santa Clara, Calif. 


| COMPUTERWORLD welcomes 


comments from its readers. Letters 
will be edited for brevity and clarity 
They should be addressed to 
Jamie Eckle, letters editor, Com- 
puterworld, PO Box 9171, 1 Speen 
Street, Framingham, Mass. 01701. 
Fax: (508) 879-4843. E-mail 
letters@computerworld.com. 
Include an address and phone 
number for immediate verification 


For more letters on these and 
other topics, go to 


| www.computerworld.com/letters 
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where information lives 
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An Eye on Your Apps 
More and more companies are 
turning to application moni- 
toring software to help ensure 
that their critical systems stay 
up and running around the 
clock. Page 26 


Interoperable elec 
tronic health records 
promise to streamline 
health care delivery, 
improve quality and 
help contain costs. 
But financing, a lack 
of standards and the 
scope of implementa 
tion stand in the way. 
By Kym Gilhooly 


FUTURE WATCH 


Simulating Fallujah 


Preparing troops for urban combat like these soldiers 


encountered in Fallujah is one of the military’s most diffi- 


cult training challenges. But high-tech aids like ultrafast 


graphics engines and intelligent agents are making battle 


simulations frighteningly realistic. Page 28 


OR AN INDUSTRY that depends 

on highly sophisticated clinical 

technologies, health care lags 

surprisingly in leveraging IT to 
streamline patient data. The protracted 
paper trails created by patients’ inter- 
actions with various health care enti- 
ties don’t provide a meaningful, con- 
solidated view of an individual’s health 
history. This lack of data integration 
can result in diagnostic and medica- 
tion errors and duplicative tests that 
can dramatically raise the cost of 
health care and compromise patient 
safety. 

These issues are driving a concen- 
trated push toward the adoption of in- 
teroperable electronic health records. 
Ideally, EHRs would be real-time, 
workflow-enabled records that support 
computerized physician order entry 
and incorporate data from clinical sys- 
tems. They could alert clinicians to po- 
tential diagnostic errors. They could 
incorporate data on public health sur- 
veillance, research and protocols, inte- 


For Better 
Health Care 


grate with back-end accounting and 
billing systems, and get patients in- 
volved in their own health care 
through portals and other mecha- 
nisms. Through interoperability stan- 
dards, EHRs could incorporate data 
from any health care entity with which 
a patient interacts and be accessible 
through a range of clients. 

The potential of interoperable EHRs 
to improve the quality of health care is 
considerable, as are the savings they 
could deliver — as much as $400 bil- 
lion annually. With that in mind, Presi- 
dent Bush issued an executive order 
last April calling for the broad adop- 
tion of interoperable EHRs by 2014. He 
also appointed Dr. David J. Brailer to 
the new position of national coordina- 
tor for health information technology. 

On the heels of these announce- 
ments, however, came questions. 
What, exactly, makes up an EHR? What 
will constitute the proposed National 
Health Information Network (NHIN) 
that would allow EHRs to interoper- 


OLS3LOS 


OPINION 
Kill Your Data 


Robert L. Mitchell offers practical 
advice on how to make sure erased 
data on retired ¢ omputers stays out 
of reach from all but the most deter 
mined intruders. Page 32 


ate? And who will finance such a mas- 
sive undertaking? 

“When I read the popular literature 
or even listen to President Bush, 
there’s this notion that we buy this 
electronic health record and slap it in 
and we’re done,” says Rick Skinner, 
CIO at Seattle-based Providence 
Health System, which is undertaking 
an IT standardization effort in its net- 
work of hospitals. “But an EHR is a 
system of hundreds if not thousands of 
building blocks, all lashed together to 
provide a comprehensive information 
set around a person and their health. 
... 1 don’t know anybody that can say 
they have a complete EHR.” 

Last year, Brailer’s office issued a re- 
quest for information (RFI) for devel- 
oping the infrastructure that would en- 
able secure EHR interoperability and 
other e-health initiatives, with respons- 
es due this month. Though the specifics 
of the NHIN architecture have yet to be 
defined, experts say concerns about pri- 
vacy and other issues have the govern- 
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Driving the Push for EHRs 


In 2004, the Medical Records Institute surveyed employees at 436 health care organizations about the rea- 
sons they favored EHRs. The following figures compare the responses of IT staff with those of medical staff 


‘Wabdeabteieeeilbialsisiesin acandiisiciiliads 


The need to improve quality of care 


The need to share patient record information among health care 
practitioners and professionals 89.1% rth) 


The need to reduce medical errors (improve patient safety) 


The need to improve clinical data capture 


The need to improve clinical documentation to support appropriate ror 
levels 66.7% 74.8% 


billing service 


The need to provide access to patient records at remote locations 


The need to facilitate clinical decision support 


The need to meet the requirements of regulatory or 
accreditation standards “ 


The requirement to contain or reduce health care delivery costs 
The need to establish a more efficient and effective information 
advantage 


infrastructure as a competitive 

Other 

Total respondents 

Margin of error 

ment pushing for a decentralized, fed- 
erated architecture that doesn’t require 
a centralized repository for health data 
or universal patient IDs. Instead, health 
care organizations will have to adopt 
standards to allow interoperability 
among institutions storing the data 
that’s in individual health records. 

“In the U.S., privacy concerns are 
one of the shapers of [EHRs],” says 
Gartner Inc. analyst Wes Rishel. “If 
you look at Brailer’s RFI... it’s clearly 
supportive of interoperability as op- 
posed to a consolidated health infor- 
mation system where all data is col- 
lected. ... Fear is driving the technolo- 
gy in a direction that technologists 
would rather it not go. They'd rather 
have a centralized repository because 
it’s easier to have good service-level 
agreements, response time and 24/7 
availability of data.” 


Private-Sector Role 

While the U.S. Department of Health 
and Human Services is working to es- 
tablish standards for sharing health 
data among federal agencies, it expects 
the private sector to play a major role 
in drawing the road map for EHR 
adoption and interoperability. 

Health Level Seven Inc. (HL7) and 
other organizations are defining enter- 
prise interface, authentication, clinical 
terminology, coding and other stan- 
dards. The Commission for Certifica- 
tion of Health Information Technology 


CR 


a 


| is working to specify required function- 
ality for EHRs. Health IT vendors are 
beginning to provide standards-based 
suites that will ease enterprise integra- 
tion, though the multitude of products 
for outpatient physician practices re- 
mains an implementation challenge. 

Meanwhile, many health care pro- 
viders are making significant progress 
toward EHR adoption. For instance, 
Sutter Health in Sacramento has com- 
mitted to deploying an EHR system by 
2006 that will connect 26 hospitals, 
more than 5,000 physicians and mil- 
lions of patients in Northern Califor- 
nia. One of the steps toward this goal is 
a move away from a traditional, best- 
of-breed approach to Sutter’s systems 
and toward standardization on systems 
from Epic Systems Corp. in Madison, 
Wis., says CIO John Hummel. Epic al- 
ready houses Sutter’s Ambulatory 
Electronic Record and offers integrat- 
ed inpatient/outpatient software. 

“Our interface department builds 
over 800 interfaces a year to integrate 
all our vendors. By the end of 2006, 
we'll have a lot of systems running in 
Epic, but we’ll still have applications 
from other vendors that we’ll need to 
interface to, so we'll [be enforcing] 
XML, SOAP and the HL7 transaction 
stuff we already do through our [inter- 
face] engine,” says Hummel. 

In addition to the EHR work it has 
already completed — which includes 
rolling out EHR access to patients in 








www.computerworld.com 





| the Palo Alto area — Sutter’s e-health 
| initiatives include prescription bar 


coding and electronic intensive-care- 
unit monitoring. For the throughput 
needed to share the data that such sys- 


| tems demand, Sutter has moved from a 


frame-relay network to Asynchronous 
Transfer Mode Multiprotocol Label 

| Switching. And to streamline patient 

| identification, Sutter has chosen a 
master patient index product from Ini- 
tiate Systems Inc. in Chicago. 

Providence Health is introducing 
components into various provider 
communities and is trying to standard- 
ize on products from McKesson Corp. 
Although Providence Health can con- 
trol deployment schedules in the hos- 
pitals and the physician practices it op- 
erates, matters are complicated by 
physicians it works with but doesn’t 
employ. Still, Skinner says, “from a de- 
cision-support standpoint, there’s no 
question that we've greatly improved 
our practice because of these EHRs.” 

Many hope that work being done 
through regional health information 
organizations (RHIO) — competitive 
providers and payers within a region 
that have chosen to share data to im- 
prove health care delivery — will serve 
as a model for the NHIN. 

Members of the Central Appalachia 
Health Improvement Partnership be- 
gan talking about sharing clinical data 
two years ago, says Richard Eshbach, 
CIO and assistant vice president at 
Johnson City, Tenn.-based Mountain 
States Health Alliance Inc., a network 
of hospitals and physician practices 
and a member of the RHIO. The part- 
nership is using a small federal plan- 
ning grant and other funds to develop 
a plan for technology adoption, gover- 
nance and collaboration, which it ex- 
pects to complete early this year. 

Mountain States Health Alliance has 
committed $38 million over five years 
toward longitudinal EHR implementa- 
tion, which includes re-engineering 
processes, integrating databases, defin- 
ing metrics and standardizing on Soar- 
ian products from Siemens Medical 
Solutions Health Services Corp. in 
Malvern, Pa. Eshbach calls the project 
“daunting but exciting.” 

“More [health care entities] are com- 


| mitting to EHRs every year,” he says. 


“In five years, if you haven’t taken 
steps, you’re going to be way behind 
the pack and at a huge competitive dis- 
advantage in terms of quality and oper- 
ational efficiency.” @ 51989 
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Eat Your Carrots 
(And Sticks) 


Interoperable EHRs will be a pricey proposition - 
some estimates say implementing provider EHRs 
could add $10 billion to $12 billion to annual 
health care IT spending. Though large provider 
networks may have the financial wherewithal to 
implement EHRs, there are scads of small, inde- 
pendent physician practices that need to be in- 
corporated into the infrastructure. For them, de- 
ploying electronic records can be cost-prohibitive. 

“{Hospitals} will bite the bullet to do this, but the 
bulk of patient information is not generated through 
hospitalization; it's through physician offices, and 
they don’t like to spend money on technology. 
Any technology that requires them to spend more 
time on it and less on patients means less mon- 
ey,” says Brian Duggan, an analyst at Premier 
Health Care Informatics in Charlotte, N.C. 

Many believe that payers - the Centers for 
Medicare and Medicaid Services and large private 
health insurers ~ stand to gain the most from the 
efficiencies of EHRs, so they should provide fi- 
nancial incentives. “If payers really want to see 
the quality improvements and the cost reductions 
through efficiency gains that can come from 
[EHRs], then they have to provide some incen- 
tives,” says Gartner analyst Wes Rishel. Models 
could include pay for performance, as well as in- 
centives for adopting certified EHR products and 
reduced payments for failure to do so. 

“ff [payers] are going to invest money in [EHR] 
adoption, they want to target that money where it 
does some good,” Rishel adds. “They don’t want 
a physician using an Excel spreadsheet with every 
patient's name and diagnosis and then applying 
for [EHR adoption] incentives.” 

As part of its effort to create a statewide net- 
work, the Massachusetts eHealth Collaborative, a 
nonprofit collective supported by 34 institutions, 
will explore reimbursement strategies, says Dr. 
Robert Mandel, vice president of e-health at Blue 
Cross and Blue Shield of Massachusetts Inc. in 
Boston. Blue Cross and Blue Shield has commit- 
ted $50 million to seed pilot projects that will de- 
ploy EHRs and decision-support tools, as well as 
develop an infrastructure for interoperability, in 
three provider communities. The collective has is- 
sued a request for applications and will announce 
its selections in March, 

Though he says the greatest benefits of EHRs 
will be health care quality improvements, Mandel 
acknowledges that financial questions surround- 
ing EHRs are a key consideration and still largely 
unanswered. 

“If payers end up reaping 70% of the [finan- 
cial] benefits, it's incumbent on them to redistrib- 
ute that income to make physicians part of that 
sustainability. If providers or physicians reap the 
majority, they should invest on their own,” Mandel 
pve ueian dcanproaz nes rein 
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You have a printing emergency. 
Your printer has a printing error. Again. 
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APPLICATION MONITORING SOFTWARE 
IS BECOMING A CRITICAL PART OF MANY 
ORGANIZATIONS’ SYSTEMS MANAGEMENT 
PORTFOLIOS. BY SUE HILDRETH 


T’S MIDNIGHT on the campus 
of Wayne State University in 
Detroit, but many students and 
faculty members are still at 
work, entering test grades, up- 
loading notes, registering for 
ses or filling out financial aid 
forms using the university’s online 
systems. John Camp, Wayne State’s 
CIO, says it’s critical that students 
and staffers be able to complete their 
tasks unhindered by sluggish Web 
servers or database bottlenecks. 
to university systems is so 
important, in fact, that Wayne State 
recently installed the Vantage appli- 
cation monitoring tool from Compu- 
ware Corp. to sound an alert should 
any systems falter. 

“It’s strategically important that 
we make it convenient for people to 
register for classes, check grades and 
interact with professors,” explains 
Camp, noting that students, like 
everyone else, expect round-the- 
clock access to online services such 
as e-mail and financial accounts, as 
well as their class notes and other 
university-provided systems. 

“The drive toward self-service 
applications over the Internet has 
changed everything,” Camp says. 
“People have very high expectations 
of availability now.” 

These days, there’s virtually no 
business process that isn’t automated 
by software, be it payroll, purchasing, 
inventory management, customer ser- 
vice or any of thousands of other dai- 
ly activities. The increasing reliance 
on computers to conduct critical 
business transactions has motivated 
more organizations to invest in appli- 
cation monitoring and management 
technology, in addition to the tradi- 
tional network- and hardware-moni- 
toring products they already own. 

Another factor is the increasing 
complexity of distributed applica- 
tions. This interdependence of appli- 
cations makes it more difficult to 
identify problems and often leads to 
finger-pointing between IT depart- 
ments and outside vendors. 

Henry Yiin, manager of network 
administration at CDC IXIS North 
America Inc., the U.S. arm of interna- 
tional banking firm CDC IXIS, says 


most people blame the network 
when something goes wrong. So he 


relies on Network Physics Inc.’s NP- 
1000 appliance to help pinpoint the 
actual source of failure in application 
performance. 

“Two or three times, we’ve had a 
major server outage, and [the NP- 
1000] provided evidence that it 
wasn’t the network’s problem,” says 
Yiin. The NP-1000 monitors trading 
applications and the company’s Ex- 
change e-mail server. A separate 
product, BMC Software Inc.’s Patrol, 
keeps an eye on the database. 

Gartner Inc. analyst Laurie 
Wurster estimates that worldwide 
sales of application monitoring and 
management tools currently total 
$484 million annually. She has identi- 
fied at least 58 vendors of application 
monitoring and/or management 
products. Wurster’s research shows 
that sales of the tools grew by 30.7% 
from 2002 to 2003. “We're starting to 
see spending on things that will in- 
crease productivity, decrease down- 
time and make an organization run 
better for less,” she says. 

One way such tools improve pro- 
ductivity is by enabling less-technical 
employees to troubleshoot problems 
— aboon for those lone database ad- 
ministrators or ERP experts who are 
tired of being on call all the time. 

For instance, Shivaji Huttler, data- 
base manager for the Boise, Idaho, 
municipal government, replaced his 
collection of homegrown diagnostic 
scripts with BMC’s Patrol for People- 
Soft to enable other IT employees to 
troubleshoot the city’s PeopleSoft ap- 
plications. 

“It puts all the information in one 
place and makes it easy to drill down 
into the problem,” he explains. “So 
people at the help desk and other IT 
managers can see at a glance the root 
cause of a problem.” 

Patrol was particularly useful 
when Boise migrated from People- 
Soft 7.5 to 8.0 and payroll processing 
slowed to a crawl. Patrol helped 
Huttler quickly identify the bottle- 
neck. “I would have gotten to the 
root cause on my own, but with Pa- 
trol, I can do it in seconds,” he says. 


WHERE’S MY E-MAIL? 

The traditional assumption in moni- 
toring products is that if the server is 
up and the application is responding, 
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then everything is fine. In recent years, 
however, IT workers have come to re- 
alize that problems are often the result 
of software glitches, not necessarily 
the server or network hardware. 

“Monitoring a server doesn’t neces- 
sarily tell you if everything is fine. It 
may be running at 25% CPU utiliza- 
tion, but users are suffering a 5-second 
delay in response time,” says Gartner 
analyst Cameron Haight. 

Because server monitoring alone 
won't catch every problem, many tools 
now track user transactions from be- 
ginning to end. On an e-commerce site, 
a tool may run a script that mimics a 
user logging in, selecting a product 
and paying for it. It checks that all the 
steps are completed correctly. 

Marc Rieger, consulting and systems 
manager at HypoVereinsbank AG in 
Munich, says he appreciates the end- 
user view that Segue Software Inc.’s 
SilkCentral Performance Manager pro- 
vides through screen captures of er- 
rors. “I can see what was on the screen 
when the error occurred. It’s a root- 
cause-analysis function, which makes 
things easier.” 


ACTIVE VS. PASSIVE 


Some monitoring products do active 
monitoring, which involves constantly 
testing the application with synthetic 
user transactions, while others do pas- 
sive monitoring, meaning they alert 
administrators only when an actual 
transaction fails. Some tools do both. 

Sorin Fiscu, a project manger at 
Berkshire Life Insurance Company of 
America, a subsidiary of The Guardian 
Life Insurance Company of America, 
chose Empirix Inc.’s OneSight tool 
specifically for its active monitoring 
capabilities. He has set it to monitor a 
handful of critical user transactions. “If 
it finds a problem, I am — hopefully — 
alerted before the users are,” he says. 

Towers Perrin, a human resources 
consulting and management firm, uses 
Mercury Interactive Corp.'s perfor- 
mance management software for active 
monitoring and TeaLeaf Technology 
Inc.’s RealiTea for passive monitoring. 

Michael Boyer, Towers Perrin’s di- 
rector of enterprise systems and data 
management, says he generally prefers 
the passive monitoring approach be- 
cause it doesn’t require updating of 
synthetic use-case scripts. Also, he 
says monitoring actual transactions 
gives him a more accurate picture of 
what’s happening. “Only by watching 
all of the activities that real users con- 
duct can you know for certain that 
your applications are performing the 
way they should,” says Boyer. 
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MAPPING AIDS 
MONITORING 


As IT infrastructures become more complex, 
it's easy to forget which systems interact with 
one another, or even which applications are 
running in different departments. A map can 
help IT managers find their way through their 
mazes of systems. And that's why some appli- 
cation management vendors also offer appli- 
cation-mapping software. According to David 
Pinkus, senior director of software at Phoenix- 


| AGENTS VS. AGENTLESS 


| Some tools install agents on the moni- 
| tored system to collect data. Others 


use an agentless approach that in- 
volves repeatedly contacting the appli- 
cation for updates. Alex Beardsley, IT 
monitoring manager at Navitaire Inc., 
an application service provider that 
provides reservations software to the 
airline industry, says both have pros 
and cons. 

“There may be more talk over the 
network [with agentless technology] 
if you’re going for heavy application 
analysis,” he says. But for his environ- 
ment, Beardsley prefers the agentless 
approach of Mercury Interactive's Site- 
Scope because it requires less mainte- 
nance and consumes fewer CPU re- 
sources. “You don’t have bulky agents 
everywhere, all of which have to be 
maintained and upgraded,” he says. 

Steven Lee, senior consultant at 
Tembec Inc., a forest products manu- 
facturing company in Montreal, chose 
the agent-based approach of Heroix 


| Corp.’s Heroix eQ Management Suite. 
| “For us, the agent was important. A lot 
| of products were server-centric, send- 
| ing queries across the wire. We didn’t 


want to transmit passwords or use 
heavy encryption,” Lee says. 

Agents tend to gather more in-depth 
information, says Yiin. “You need 


| agents if you want to collect very gran- 


ular system information,” he explains. 


A TOOL FOR EVERY TASK 


Of course, a basic criterion for select- 
ing an application monitoring product 


| is support for the operating systems 


and applications that it must interact 
with. Tembec needed a tool to work 
with Oracle Corp. and Citrix Systems 
Inc. applications, as well as the VMS 
operating system. Towers Perrin want- 
ed support for Unix, Oracle, Windows 
and legacy mainframe systems but 


| found that many products supported 


only Windows, according to Boyer. 
On the other hand, some companies 


| want a tool that specializes in a single 
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based Apollo Group Inc., which owns the 
University of Phoenix, application mapping 
is indispensable for finding hidden applica- 
tions or code changes that might be causing 
problems. 

“Application mapping gives you a docu- 
ment of your production environment,” he 
explains. “It automatically interrogates every 
application in your environment, as well as 
hardware, and gives you a map of everything 
that's out there.” 

Pinkus uses Mercury Interactive’s Applica- 
tion Mapping tool to keep tabs on changes to 


system or application. Both multi- 


vendor and single-vendor support have 
trade-offs, notes Gartner’s Haight. 

“The best-of-breed approach gives 
you better domain knowledge, which 
gives you better time to value,” says 
Haight. “The rub is that at some point 
you may need to integrate it with the 
rest of your monitoring and manage- 
ment infrastructure.” 

Towers Perrin needed integration 
with reporting applications and 
archival software. “We made sure that 


ar 


Proactive (synthetic) and/or 
real-time monitoring 


Playback of synthetic/scripted 
transactions for verification 


Agent or agentless monitoring 


Management console for displaying 
alerts and performance.data 


Interfaces-to other management 
system consoles 


Dashboard views for different IT 
roles (e.g., database administrator, 
business manager, PeopleSoft 
Fie 1g) 
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Reporting Ort tih eed 


Integration with (or ability to export 
to) other reporting packages 
Automatic correction; some 
packages may be configured to 
make adjustments-to a system in 
response to specific alerts 


Root-cause analysis of problems 


Logging of transactions/events for 
troubleshooting or historical analysis 








the University of Phoenix's IT infrastructure. It 
also helps him compare his test environment 
to the production environment, so he can en- 
sure that new software gets tested accurately. 

Pinkus also says application mapping could 
be critical for compliance with the Sarbanes- 
Oxley Act, which governs the way public com- 
panies must handle financial records and sys- 
tems. “Without an automated discovery tool, | 
honestly don't know how you can demonstrate 
to the auditors that you have a good handle on 
everything in your environment,” he says. 

- Sue Hildreth 


it didn’t use a proprietary data engine, 
but one based on Oracle, DB2 or SQI 
Server, and also that it could do data 
management — either through propri- 
etary mechanisms or support for third- 
party tools,” says Boyer. 

Diagnostics or other problem-identi- 
fication features may also be required. 
For example, Wily Technology Inc.’s 
Introscope Transaction Tracer keeps 


| a list of all transactions that exceeded 


a performance threshold, as well as a 


| component-level breakdown of each. 


Other vendors, such as BMC, Segue 
and Mercury Interactive, also provide 
some form of diagnostics. 

Just having a log of system events at 
the time of failure can be helpful. Op- 
tionsXpress Inc., an online brokerage 
in Chicago, relies on Identify Software 
Ltd.’s AppSight Black Box tool to find 
errors when an application fails. “It 
takes a snapshot of the event. We can 
walk through the steps the user was 
doing,” explains Vlad Karpel, executive 
vice president of IT at OptionsXpress. 

The choice of a monitoring tool 
depends on internal technical factors, 
but it should also be based on business 
requirements, such as which applica- 
tions are so critical that they must be 
monitored and at what level of sophis- 
tication. 

As Camp points out, Wayne State 
purchased a monitoring tool because 
of the importance of keeping the uni- 
versity’s systems available around the 
clock. “It’s not about the tool, but what 
we're trying to achieve, which is mak- 


| ing it easy to do business with us,” he 


says. “When we moved our systems to 
the Web, we knew that people would 
expect them to be always available. It’s 
not like the mainframe days, when a 
system might be down for hours and 
nobody minded. We’re in a different 
world now: exciting, but more chal- 
lenging to manage.” © 51995 


Hildreth is a freelance writer in 
Waltham, Mass. She can be reached 
at Sue.Hildreth@comcast.net. 





28 courvrerwor danary 31,2005 


e ns 


The enemy can be anywhere - U.S. Army soldiers prepare to enter a building in 
Fallujah, Iraq, during Operation al Fajr (New Dawn) on Nov. 9, 2004. 


SIMULATING 





GRAPHICS ENGINES, SUPERCOMPUTERS 
AND REAL GUNPOWDER. BY DAN VERTON 


HEN U.S. MARINE CORPS 
and Army units launched 
their assault on Nov. 8 
against insurgents in the 
Iraqi city of Fallujah, the 
world learned what military historians 
have known for centuries: Urban con- 
flict is among the most dangerous and 
deadly forms of warfare. 

The enemy can be anywhere 
— behind any door or any win- 
dow, on any rooftop or around 
any corner. It’s the uncertainty 
and the 360-degree nature of 
the urban battle that not only makes it 
a dangerous and deadly endeavor, but 
also one of the most stressful of mili- 
tary operations. 

That raises the question: How do 
you create a training environment that 
replicates the stress and uncertainty of 
such operations? The answer: Take 


| 


FUTURE 
WATCH 


—-4—- be 


cutting-edge IT systems and graphics 
engines and integrate them with tradi- 
tional explosives and fireworks, and 
you have a self-contained, fully auto- 
mated and safe urban-warfare training 
simulation, complete with the sights 
and sounds of real car bombs, mortar 
attacks and snipers. 

The military is beginning to 
use the techniques and tech- 
nologies that the entertain- 
ment industry has already per- 
fected, says retired Air Force 
Maj. Gen. Lee Downer. Now 
a consultant at Gestalt LLC in King of 
Prussia, Pa., Downer was the senior U.S. 
Air Force officer responsible for air 
combat training and managed the ser- 
vice’s effort to Web-enable cockpit 
simulators across the country. 

“That made fighter pilots really feel 
like they were in war,” says Downer. 


| and where we will have enough poly- 
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| “They probably get harder work in the 


simulator than when they go into com- 


bat. The idea now is to translate that 


capability to the ground forces.” 
Advances in graphics engines and 
supercomputers promise to fundamen- 
tally transform military training. “In 
the last few years, PC graphics cards 
have advanced to capabilities beyond 
expensive simulation engines,” says 
Paul Debevec, a filmmaker at the Uni 
versity of Southern California’s Insti- 
tute for Creative Technologies, a re- 
search center in Marina del Rey. 
Programmers are only beginning to 
take advantage of their capabilities, he 
adds. “In particular, the cards now al- 
low for arbitrary floating-point calcu- 
lations to be performed at each pixel 
and vertex of a model, and the frame 
buffers have sufficient bit depth to rep- | 
resent the full range of light seen in the | 
real world, from deep shadows to blind- 
ing sun,” he explains. “We will soon see 
real-time 3-D models where light re- 
flects off of surfaces in the same com- 
plex ways that it does in the real world 


gons to represent even virtual humans 
realistically. Over the next 10 years, the 
speed and parallelism of graphics cards 
will increase to the point that the com- 
plex inter-reflections of light between 
the sky and walls and ground and 
clothing will be simulated in real time.” 

And research is now focusing on 
creating artificially intelligent virtual 
characters that can interact with hu- 
mans using natural language. The 
characters will understand the situa- 
tions they’re in. These characters will 
be able to act as members of the local 
populace — both friendly and hostile 
— and as virtual members of the mis- 
sion team. 

Unlike the characters in most of 
today’s simulations, these characters 
won't be following a script. Instead, 
they’ll use reasoning to determine 
what to do in a given situation. For 


Central servers monitor simulated combat 
at Fairfax, Va.-based Anteon Corp.'s 
Military Operations on Urbanized Terrain 





training facility. 
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example, a simulated character might 
be able to react unpredictably to a sol- 
dier commanding him to put his hands 
up or to drop his weapon. This will 
make characters’ behavior more realis- 
tic, and it will make their development 
easier in the long run because it won't 
be necessary to create scripts that an- 
ticipate all possible action sequences. 
Ground forces in Iraq are using PC- 
based training systems and mobile fa- 
cilities to prepare for everything from 
convoy duty to urban operations. But 
Julia Loughran, president of Vienna, 
Va.-based ThoughtLink Inc., sees tech- 
nology development taking simulation 


| and training well beyond the PC. 


“Technology will... make simula- 
tion something that will be available to 
us anywhere, anytime,” she says. “This 
means simulations will be part of our 
everyday life — on PDAs, cell phones, 
the Internet and at kiosks. The lines of 


| entertainment versus education and 


training for the military and also every 


| other career path will begin to blur.” 


Realism Gets More Real 
Dare Westmorland is senior vice presi- 
dent of Titan Dynamics Systems Inc., 


| acompany in Marshall, Texas, that has 


melded real-world explosives and fire- 
works with IT to create a controlled 


training environment that gives sol- 


diers the sounds, sights and smells of 
the real battlefield. 

Titan’s computer-controlled prod- 
ucts are being used at Fort Knox for 
convoy training. “We’ve combined 
microprocessors and pyrotechnics to 
create a realistic battlefield,” explains 
Westmorland. 

The realism is enough to get a heli- 
copter pilot’s blood pumping, he says. 
The company’s rocket-propelled 
grenade simulator, for example, will 
set off all of the onboard alarms when 
fired toward an incoming helicopter 
full of Marines or soldiers. 

The realities of the war on terror 
have sparked what Michael Kitchen, 
executive vice president of training 
and simulation at Arlington, Texas- 
based VirTra Systems Inc., calls the 
emerging market in products for 
“fourth-generation warfare” — a term 
used to describe military conflicts 
where the enemy is hidden among the 
civilian population and where the front 
lines are difficult to discern. 

“Through the development of [ad- 
vanced simulators], the soldiers can be 
placed in situations that are taken from 
actual combat incidents or created for 
specific missions,” he says. @ 51972 





Verton is a freelance writer in Burke, Va. 





1. Changes accommodated easily. 

2. Scope managed efficiently. 

3. Resources allocated precisely. 

4. Progress monitored on dashboard. 

5. Upgrade completed ahead of schedule. 


\ 


Mey 


Can you see it? 


MIDDLEWARE IS IBM SOFTWARE. Rational! Software 
It has the power to keep any-size project on schedule. On 
budget. On the right track. Built on existing assets. The IBM 
Software Development Platform is open. Flexible. It makes 


change manageable, more predictable. Market-leading 


tools like Rational ClearCase? Rational Unified Process” and 





TECHNOLOGY | 


www.computerworld.com 





BO computenworty danuary 31, 2005 


A Detour Into the 
treaming Media 


Finding herself in a new environment, our 
security manager decides to ‘go slow to 


go fast.’ By C.J. Kelly 


N MY PREVIOUS column 
[“Enough! I Quit!” Quick- 
Link 51579], I explained 
how I left my position to 
seek more amicable pastures. 
I am now working for a man- 
ager who is not only amicable, 
but also reasonable, intelli- 
gent, kind and mature. How 
did I find such a catch? I know 
the guy. I worked with him 
many years ago, and I always 
stay in touch with 
friends, ex-bosses and 
former co-workers. SE 
Rule No. 1 in this in- 
dustry is to keep your 
network alive, keep 
your contacts list up 
to date and be willing 
to do a good turn for a col- 
league. It always comes back 
to you. When my new boss 
found out I was looking for a 
job, he recalled the weekends 
that I had helped him out on a 
critical project and immedi- 
ately offered me a position. 
It’s a public-sector job, so I 
had a few mental adjustments 
to make. I’m working for a 
division within a very large 
government bureaucracy, and 
how I do my job will be very 
different from the way I oper- 
ated in the private sector. For 
one thing, budget cycles are 
very long, so long-range plan- 
ning is critical to getting funds 
allocated to specific projects. 
Security managers always 
have endless to-do lists, but 
my position isn’t well funded, 
the division isn’t well funded, 
and there’s no money to even 
hope to address the to-do list 
within three years. 
When beginning a new job, 
I always identify the quick- 
hit list, problems that can be 
solved within the first 30 days 
of employment. I want to 
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prove my worth, but upper 
management tends not to see 
security tasks — tightening 
firewall rules, fine-tuning vir- 
tual private network perfor- 
mance, making sure the latest 
operating system patches are 
installed — as critical. I need- 
ed to identify some issues that 
I could address and that man- 
agement would think were 


| worth tackling. 


Within the first 
week, I performed a 
network scan, re- 
viewed documenta- 
tion and interviewed 
my direct reports to 
get a feel for the net- 
work and security 
architecture. I found that our 
division was attached to the 


| larger government network, so 


our security was dependent 
on a vast array of network de- 
vices outside of our control. 
And the larger organization 
controlled our endpoints (that 
is, the routers). I realized I’d 
have to network diligently 
within the larger organization 
if I was going to make any 
headway in improving our 
division’s security without 
making enemies. I needed to 
spend time understanding the 
political climate; no charging 
in and demanding change. As 
the saying goes, “Go slow to 


go fast.” 


How I do my job will 
be very different from 
the way | operated in 

the private sector. 





Back to the quick-hit list. 
One of the chief complaints 
from end users was that the 
network was very slow, partic- 
ularly during certain times of 
the year. That sounded odd to 
me, but I learned that when 
the legislature is in session, 
users like to watch the ses- 
sions from their desktop com- 
puters, with both audio and 
video. I knew from reviewing 
the network architecture that 
end users had 10OMB switched 
to the desktop and, for most 
systems, Gigabit Ethernet to 
the desktop. The internal net- 
work was sound, fast and not 
nearly at capacity. 

The constraint was older 
routers (working at RAM ca- 
pacity and with slower CPUs) 
and T] lines. So within our di- 
vision alone, several hundred 
people were trying to access 
128Kbit/sec. streaming media 
sessions at the same time. 
How many people do you 
think can successfully watch 
these sessions from their 
desktops before the T1 line 
(1.544Mbit/sec.) is at capacity? 
Do the math. Connectivity to 
the larger network is all but 
cut off. The network doesn’t 
just slow down; it dies. 


Simple Solution? 

The solution seemed simple 
enough. I contacted the engi- 
neers responsible for the larg- 
er network and asked them if 
they would consider multicas- 
ting the legislative sessions to 
the entire network so that all 
the agencies would have ac- 
cess to the sessions without 
bogging down individual 
agency or division network 
connections. I received some- 
thing between a sigh and a 
moan. One of the engineers 
mumbled something about 
security concerns. I did a little 
more research and realized 
that with the size of the 
network they manage, this 





| wouldn’t be an overnight con- 


figuration change. What mul- 


| ticasting does is allow a uni- 


cast stream to be sent to each 

router within the WAN and, in 
turn, the audio/video traffic is 
multicast to the LAN. (Routers 


| and switches must be config- 


ured to multicast.) 
I then got in touch with the 
person responsible for the leg- 


| islature’s Web server farm and 


asked him if we could work 
with him directly to obtain the 
legislature’s streaming media 
feeds (server-to-server config- 
uration; forget the routers) 
and rebroadcast the streams 
within our own LAN. We got 
lucky. They were using Micro- 
soft’s streaming media Web 
servers, and we had within our 
possession a fairly beefy high- 
end server running Microsoft 
Windows 2003 Enterprise Edi- 
tion. 

It was a simple matter to en- 
able the streaming media fea- 
tures on our server and obtain 
the media feeds from theirs. 
Our end users can now enjoy 
the legislative sessions by 
clicking on links provided on 
our own intranet. We pull in 
one stream and broadcast live 
streams to however many end 
users connect to our server. 

This wasn’t a security prob- 
lem, but it did have high visi- 
bility. Now that I have this 
success under my belt, I hope 
I can focus on what I came 
here to do. Meanwhile, I have 
offered to participate in nu- 
merous committees at the 
larger government level fo- 
cused on such things as home- 
land security, IT governance 
and IT architecture. I took the 
time to seek out and meet the 
chief information security of- 
ficer, toured the data center 
and met with a guy who seems 
to have a knack for obtaining 
funding from grants and other 
sources. All in all, a pretty 
good first 30 days. D 


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “C.J. Kelly,” whose 
name and employer have been disguised 
for obvious reasons. Contact her at 
mscjkelly@yahoo.com, or join the dis- 
cussion in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
computerworld.com/secjournal 





UA 


SAP Initiatives Aim 
At System Security 
SAP AG has launched two ini- 
tiatives aimed at helping cus- 
tomers secure their SAP soft- 


Worm Hides 
Behind Tetris 

Anew worm nicknamed 
“Cellery” (from a message it 
displays saying “Chan- 
cellery”) is said to make 
changes to the Windows start- 
up settings of an infected PC 
to ensure that the game Tetris 
starts as soon as the machine 
is booted. The worm puts up 
asmoke screen while it at- 
tempts to infect network 
drives, according to Brett 
Myroff, CEO of NetXactics 
Communication SA, a distrib- 
utor of South Africa Sophos 
PLC. He says that users are 
distracted by what looks like 
a copy of Tetris running on the 
PC, with a very convincing 
MIDI soundtrack, while the 
worm infects unsecured con- 
nections. 


VeriSign Upgrades 
E-mail Service 
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IBM Releases 
Power5 With Linux 


@ IBM is releasing a Power5 
Linux-based server. Starting at 
$3,449, OpenPower 710 is a 2U 
(3.5-in.-high) server that’s avail- 
able with one or two processors. 
Micropartitioning capability is 
available for chips in two-way 
servers for $1,500. The server 
will be available Feb. 18. 


SBC Announces 
Network Service 


@ SBC Communications Inc. in 
San Antonio has announced a 
network monitoring service, 
PremierServ, that will allow 
businesses to track network and 
application performance in muiti- 
ple locations regardless of the 
carrier being used. The new capa- 
bility uses Visual UpTime Select 
from Visual Networks. Several 
service levels are offered; monthly 
pricing wasn’t announced. 


Radvision Updates 
ProLab Test Suite 


® Radvision Ltd. in Fair Lawn, 
N.J., announced the general avail- 
ability of Version 3.5 of its ProLab 
Test Management Suite for testing 
and deploying voice- and video- 
over-IP products. Features include 
advanced signaling and media 
testing, advanced monitoring and 
built-in scripts. The product is 
available now, but pricing wasn’t 
announced. 


HP Opens ‘Noisy 
Lab’ to Test RFID 


® Hewlett-Packard Co. next 
month plans to open its RFID 
Noisy Lab in Omaha, where the 
vendor, its customers and part- 
ners can evaluate radio frequency 
identification technology in an en- 
vironment that simulates a manu- 
facturing floor and distribution 
center. The lab includes a convey- 
or that can reach speeds of 600 
feet per minute and a pallet-wrap 
station on a turntable with RFID- 
read capability. 








TECHNOLOGY 


ROBERT L. MITCHELL 


www.computerworld.com 


Kall Your Data 


T’S BEEN MORE THAN A YEAR since I wrote 
about how businesses have faced liability issues 
from data theft associated with incomplete disk 
erasure on discarded PCs and other devices (see 
“Dawn of the Undead Data,” QuickLink 43381), 
and I still receive mail about it. The problem crops up 


when the data you thought 
was completely erased isn’t. 
In some cases, industrial 
spies, hackers or others can 
still access that information, 
which may contain company 
secrets or customer data. 

Given rising concerns over 
privacy regulations and lia- 
bility, it seems appropriate 
early in 2005 to clarify the is- 
sues and offer some practical 
advice. 

Robert Houghton knows 
all about the liability issues surrounding 
disk erasure: He’s president of Re- 
demtech Inc., a company that reclaims 
computer equipment for businesses and 
must provide proof that data has been 
destroyed to its clients. If you’re going to 
do it yourself, Houghton says to choose a 
utility that meets these five criteria: 

@ It runs from a floppy or CD-ROM, 
independent of the resident operating 
system. 

@ It’s BIOS-independent — that is, it 
can access the hard disk directly. 

@ It’s compatible with all drive hard- 
ware types and configurations in use. 

@ It includes verification and error- 
checking procedures that can identify all 
failures. 

@ It creates a report/audit trail proving 
successful erasure. 

A good utility will overwrite all areas 
of the disk, including unallocated space 
and slack space — areas where old data 
can reside unseen until someone with 
forensic tools inspects the medium. 

Vince Tuesday, a security manager at 
a large financial services company, takes 
a pragmatic approach. “Any tool that can 
overwrite every sector with random 





zeros and ones with multi- 
ple passes should do the 
job,” he says. Tuesday (not 
his real name) is a former 
columnist for Computer- 
world’s Security Manager’s 
Journal. He uses East-Tec 
Sanitizer, a disk-erasure util- 
ity from East Technologies. 
He runs the utility from a 
boot floppy and makes sev- 
en to 10 passes. At that 
point, he says, unless you’re 
a government agency or 
university with huge resources to spend 
on extreme recovery measures, the data 
is pretty much unreadable. 

Just what are those extreme measures? 
This gets back to the so-called residual 
magnetism issue I brought up in my pre- 
vious column on this topic. It may be 
possible to recover overwritten data 
from the outer region of the tracks on 
which each sector of the original data 
was written. But Benjamin A. Car- 
mitchel, president of ESS Data Recovery 
Inc., says most companies don’t need to 
worry about that. 

“While it is theoretically possible to 
recover data after it has been written 
over, practically speaking, it is not feasi- 
ble unless the perpetrator spends about 
$250,000 for a spin stand and $80,000 a 
year for a knowledgeable engineer who 
can run the equipment and read the res- 
onance data,” he says. 

Engineers at ESS have been able to use 
this method on mylar (floppy) media, 
but not on a hard disk drive — yet. If for- 
eign governments or the National Secu- 
rity Agency are interested in your data, 
you may have a problem. Otherwise, you 
can probably rest easy. 








For corporate use, Carmitchel recom- 
mends X-Ways Security from X-Ways 
Software Technology AG. 

“The fact that this program gives you 
an option to overwrite free and slack 
space up to nine times with random hex 
values makes it very reliable,” Car- 
mitchel says. While multiple erasure 
passes may help your peace of mind, he 
thinks one pass is adequate. The Depart- 
ment of Defense standard 5220.22-M, 
however, requires three. And other gov- 
ernment guidelines for sanitizing media 
are classified and believed to be even 
more strict. 

Ultimately, the easiest way to manage 
disk sanitizing for large numbers of ma- 
chines is to outsource it. PC reclamation 
companies will erase the data for you as 
part of the disposal process. That’s Tues- 
day’s approach. His vendor uses Blancco 
Data Cleaner from Blancco Ltd., which 
wipes disks using a DOD-compliant 
algorithm. Inaccessible disks are de- 
stroyed, and Tuesday receives a certifi- 
cation of erasure and chain-of-custody 
documents for each asset. 

Ultimately, however, IT must decide 
what level of disk sanitization is ade- 
quate, given the risks. In most cases, a 
multipass erasure process should be 
fine. But if the value of the data is high 
enough, the only fail-safe option is to 
melt or shred the disk. 

Then again, all of this work will be for 
naught if employees have transferred 
sensitive data onto CD-ROMs or DVDs 
and then discarded them without shred- 
ding them first. Data recovery specialists 
have been able to recover data even from 
discs that were heavily scratched or 
snapped in two. But that’s a subject best 
left for another column. @ 52155 


MORE ONLINE 


Sanitization Tips: See Vince Tuesday's best practices 
for IT equipment disposal: QuickLink 52168 


Tip Sheet: Where to find disk sanitization tools 
and related information: QuickLink 52169 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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MAS HOFFMAN 
HEN SEN. PAUL S. SARBANES 
(D-Md.) and Rep. Michael Oxley 


(R-Ohio) crafted legislation in 
2002 aimed at strengthening cor 





BY THO 







porate governance and restoring 

investor confidence, little could 
they have known that the new law would help trigger a 
recasting of the CIO’s role and the responsibilities of 
corporate IT departments across the U.S. 

And it isn’t just the Sarbanes-Oxley Act of 2002 that’s 
contributing to the shift in the CIO’s role. There are 
roughly 150 corporate governance regulations that 
companies have to adhere to worldwide, according to 
George Westerman, a research scientist in the Center 
for Information Systems Research at the MIT Sloan 
School of Management. 

As a result, CIOs and IT departments have become 





integral to corporate compliance efforts, and their visi- 
bility within the organization has risen to new heights. 
Still, their increased stature may diminish once IT- 
related compliance requirements are under control. 


Dimming Spotlight 
Many believe that the evolving regulatory landscape 
has helped raise CIOs’ visibility within their organiza- 
tions. Sarbanes-Oxley compliance alone “is making 
people understand what is under the covers and how 
complex IT really is,” s Dennis Fishback, senior vice 
president and CIO at Calpine Corp., a San Jose-based 
energy company. For example, Calpine’s accounting 
group conducted 450 tests for its Sarbanes-Oxley Sec 
tion 404 readiness efforts. In comparison, the compa- 
ny’s IT department had to conduct thousands of tests to 
ensure its readiness, says Fishback. 

tems are so large and companies have become 
so much more dependent on their IT infrastructures 
that the potential for failure has gone up,” says Rob 
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SHIFT 


Austin, a fellow at Cutter Consortium in Arlington, 
Mass., and a professor at Harvard Business School. 

ile the changing regulatory environment has 
made the CIO more visible, it hasn’t necessarily made 
the role more important. That’s because the primary re- 
quirements imposed by recent regulations such as S 
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Data accessibility is a key component of 
Nant Re mut ler om eam. ae 
Pui me CM lam cles Mere eS oe 
on material changes to an organiza- 
CURT mee em RTL oe 
mentally believe this is a huge systems 
Pg) ee eRe ole 
vice president and chief technology offi- 
me Wie eee ele 
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this idea that | can store stuff up all 
week and process it Sunday night.” 

WME Lice leee Lema Velie) 
that organizations provide auditable, 
transparent systems controls, and that 
requirement is affecting how systems 
architectures are being approached and 
revised. “Clearly, when you looked at 
[systems] requirements in the past, they 
were around performance, function and 
Rrra Ammer RE amet Coe LO 
the National Association of Securities 
ree em CCL 

But now more is required. For exam- 
ple, because of the need for auditability, 
last summer NASD developed a Web- 


banes-Oxley and the USA Patriot Act 
place the onus on CEOs, chief financia 


officers and business unit leaders, with | 
CIOs playing a supporting role in com- 


pliance efforts. 

When something goes wrong with 
IT, such as inventory problems that 
arise from a botched ERP project, “it’s 
not the CIO who ends up on the hot 
seat but the CEO or CFO,” says Austin. 

“The accountability resides in those 
individuals who are directly responsi- 
ble for the business,” explains Bruce 
Fadem, CIO at Wyeth, a pharmaceuti- 
cal company based in Madison, N,J. 
Fadem is in the process of establishing 
a single set of system policies and 
standards that can be used to help 
Wyeth meet regulatory requirements 
set under Sarbanes-Oxley as well as 
those imposed by the U.S. Food and 
Drug Administration. 

Others agree that the CIO’s regula- 
tory role is more supporting than lead- 
ing. CIOs “are there to explain to se- 
nior management whatever they need 
to explain, but it’s housekeeping,” says 
Paul A. Strassmann, an author and re- 
searcher in New Canaan, Conn. And 
while those duties are essential, says 
Strassmann, CIOs “are not chiefs in the 
same sense that a CFO is.” 


Closer to the CFO 


But many see the CIO’s relationship 
with the CFO growing closer. “IT is 
going to become much more inter- 
twined with the finance function for a 
while,” says John Parkinson, senior 
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based enterprise security system that 
gives the regulator for the Nasdaq 
Be mre m UENO RM ny 
systems to ensure proper authoriza- 
tions and authentications as well as to 
CSM LMR Cem CORLL) 
systems, says Colburn. 
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the amount of data we store and create 
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er ESO 

Demands for greater data accessibil- 
ity are providing an upside for ClOs who 
have been advocating architectural 
standards and better systems controls, 
Py Nereus Claur Me eset ree eT be 
entist at the Center for Information Sys- 
tems Research at the MIT Sloan School 
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wanted to do,” he says. 

peu a ie) 


| vice president and chief technology of- 
1 | ficer for the Americas at Capgemini in 
Rosemont, Ill. “CFOs and operational 
| executives are going to want a lot more 
| evidence that IT is doing what they 
think it’s doing.” 

The regulatory environment will 
also force CIOs “to have more knowl- 
edge of business controls and account- 
| ability,” says Howard Rubin, executive 

| vice president at Meta Group Inc. in 
Stamford, Conn. For the next two to 
three years, CIOs will be required to 

| “worry about things” like data integri- 





| ty, security and the interplay between 

| controls and systems, says Rubin. The 

| result will be a closer partnership with 

| the CFO. But once those compliance 

| requirements are under control, “IT 
will fall into the backdrop of business 
processing,” he says. 


| Impact in Doubt 
| Although some experts believe that the 
| increasingly complex regulatory envi- 
ronment will raise the profile of CIOs, 
| if only temporarily, some IT chiefs 
| foresee a negative impact on their ca- 
reers as businesses become much 
more risk-averse. “The biggest change 
| for me and for other CIOs is that [in- 
creased regulation] has taken risk 
management decision-making entirely 
out of our hands, and that puts us ina 
hell of a bind,” says Calpine’s Fishback. 
“The auditors are telling us that any 
policy, process or procedure that is not 
based on trying to achieve zero or 
near-zero risk tolerance is a deficiency, 
and aggregation of enough of these de- 
ficiencies could result in a finding of 
|} One or more material weaknesses.” 
Under Sarbanes-Oxley, companies 
| are required to identify and resolve 
| any material weaknesses discovered in 
their IT or financial controls. 

“Tt makes it that much harder to con- 

| tinue to drive your costs down and 
productivity up when you have to ad- 
dress things from a no-risk perspec- 

| tive,” Fishback adds. 

It’s unclear whether regulations will 
heighten or diminish the CIO role, says 
Thomas W. Malone, a professor of 
management at the Sloan School. He 

| contends that the IT function is be- 








| STOP WHINING 


PRIVACY LAWS such as the USA Patriot 
Act and elements of the Sarbanes-Oxley Act 
of 2002 contain IT-specific requirements 
that organizations affected by these regula- 
tions have to meet. 

But are we also likely to see national legis- 
lation aimed at alerting investors to [T-related 
risks at publicly held companies? ClOs and 
industry experts say they have mixed feelings 
about that. 

There are already some examples of this 
in industry-specific regulations, says George 
Westerman, a research scientist in the Cen- 
ter for Information Systems Research at the 
MIT Sloan School of Management. For ex- 
ample, the Uniform Rating System for Infor- 
mation Technology, or URSIT, which is over- 


seen by the Federal Financial Institutions Ex- 
amination Council, requires an IT audit of 
banks and affiliated data processors. 

As for something less industry-specific, he 
says, “I would think that any forthcoming reg- 
ulations involving IT would be around risk, 
data accuracy and avoiding future surprises,” 
such as huge processing snafus or failures of 
inventory management or other critical sys- 
tems [Quicklink 51774]. 

Not everyone agrees. “It's more likely 
that we'll get security-related regulations 
than we would investor-related protections,” 
says John Parkinson, senior vice president 
and chief technology officer for the Americas 
at Capgemini. “If an ERP implementation 
fails because you're no good at it, how do 
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coming ever more important to the 
success of modern business. But as or- 
ganizations are forced to address IT- 
related issues to comply with regula- 
tions, responsibility for IT may no 
longer be left to the CIO. Instead, the 
head of marketing or the director of 
manufacturing, for example, might 
share responsibility for their divisions’ 
use of technology, he says. 
Alternatively, CIOs may see their 
current responsibilities increase be- 


| yond IT management to accountability 
| for the architecture of the entire orga- 
| nization. “CIOs have a privileged view 
| of how the organization should be 

| structured, like a chief organizational 

| architect,” says Malone. 


Clearly, experts are divided regard- 


| ing whether the new regulatory land- 
| scape will be a net positive for CIOs. 

| “It’s going to depend a lot on how the 
| executive management teams respond 


to these pressures,” says Parkinson. If 


| the organization fails to respond to IT- 


specific regulatory requirements effec- 


tively and “they cast IT and the CIO as 


a villain, then CIOs will be subject to a 


| lot of scrutiny and control,” he says. 


But if CEOs recognize that they and 
other C-level executives have to get 


| their arms around the technology op- 


portunities that regulatory compliance 
efforts provide them, says Parkinson, 
“then the office will gain in promi- 
nence and influence.” @ 51938 


Opinion: The Sarbanes-Oxley Act is the future, says 
Robert Sepanloo of Fujitsu Software 


QuickLink 50869 
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A Sarb-Ox for IT? 


you defend against that?” he asks. 

Rick Berk, CIO at Brown Brothers Harriman 
& Co. in New York, says he expects to see fed- 
eral and state legislation that's centered more 
around the archiving, maintenance and the 
accessibility of data. “We've already seen this 
with e-mail archiving legislation” specific to 
the banking industry, he adds. 

It may take just a single major IT-related 
disaster that cripples a company and causes a 
panic among investors to spur legislation spe- 
cific to IT-related risks, says Rob Austin, a pro- 
fessor at Harvard Business Schoo! “It’s only 
a matter of time before we have a train wreck 
[based on an IT failure} that brings down a 
company or hurts them badly,” he says. 

~ Thomas Hoffman 
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ou can’t put a value on how much you are saving by protecting yourself from the next attack,” 


EY 


HEADIN 


OF 


S THE CHIEF INFORMATION se- 
curity officer at Massachusetts 
Mutual Life Insurance Co., 
Bruce Bonsall is acutely aware 
of the need to keep one step 
ahead of the bad guys. 

That’s why he has subscribed to a 
cyberthreat assessment service from 
iDefense Inc. in Reston Va. 

IDefense alerts customers such as 
the Springfield, Mass.-based insurer 
about possible attacks on their net- 
works, using information gathered 
from a global network of security re- 
searchers, original vulnerability re- 
search, product vendors, national inci- 
dent-response teams, underground 
hacker rooms and chat sessions. 

The service warns about a range of 
risks — from impending worms and 
viruses to new software holes and even 
geopolitical events — that could affect 
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Security intelligence 
services Can give you a 
heads-up on impending 
threats and how to deal with 
them. By Jaikumar Vijayan 


mk 


the security of overseas operations, 
Bonsall says. 

These advance warnings are inval- 
uable at a time when Internet and 
e-mail threats are becoming more so- 
phisticated and are capable of spread- 
ing much faster than traditional de- 
fenses alone can handle, says Bonsall. 

“Gathering intelligence and learning 
about things early on gives you more 
of a lead time to act on it,” he explains. 
“The goal is to mitigate the risk of soft- 
ware vulnerabilities and the effects of 
attacks on your network.” 

Increasingly, it’s a best practice to 
subscribe to such services, according 
to a November 2004 research note 
from Gartner Inc. “Information risk 
cannot be managed without tracking 
external events on a daily or even 
hourly basis, and analyzing their sig- 
nificance,” the report says. 
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Gartner says that over the next two 
years, roughly 80% of all companies 
will spend about 10% of their security 
budgets on unnecessary fixes and that 
security intelligence services can help 
IT managers prioritize response and 
eliminate unnecessary remedial action. 


A Different Approach 


Radianz, a New York-based provider 
of telecommunications services to 
financial companies, uses a 
service from Symantec 
Corp. to monitor impend- 
ing threats. 

Symantec’s DeepSight 
threat management system 
monitors global Internet 
attack activity using a com- 
bination of empirical data 
and human intelligence, says Dee 
Liebenstein, group product manager 
for the service. 

Symantec’s early-warning system 
collects firewall and intrusion-detec- 
tion system data from about 20,000 
sensors on customer networks in 150 
countries. The data is analyzed for pat- 
terns of unusual behavior — such as 
sudden spikes in specific types of net- 
work traffic — that might suggest ma- 
licious activity. 

A team of Symantec threat special- 
ists also collects and monitors infor- 
mation from a variety of sources, in- 
cluding honeypots — systems that are 
used to lure hacker attacks — and 
hacker sites, looking for signs of new 
threats. Last May, the service warned 
users of the Sasser worm 18 days be- 
fore it began infecting systems world- 
wide, based on information it collected 
in that manner, Liebenstein says. 

That kind of lead time allows Radi- 
anz to make more-informed decisions 
when mounting a response, says Lloyd 
Hession, the company’s chief security 
officer. Because Symantec’s service is 
customized for each client, Radianz 
can focus on threats that are relevant 
only to its own technologies, he says. 

For instance, about nine months ago, 
Symantec warned of a critical protocol 
vulnerability in Radianz’s voice-over- 
IP networks that received little media 
attention but was vital to fix nonethe- 
less, he says. 

“Trying to get a measure of how sig- 
nificant a threat really is and whether it 
is really being exploited is hard,” espe- 
cially at a time when hundreds of new 
vulnerabilities are being discovered 
every month, Hession says. Knowing 
precisely what to focus on helps elimi- 
nate the otherwise costly disruptions 
that can result from rushing to address 
every single threat, he adds. 


MORE ONLINE 
Information on intelligence 
providers and 
QuickLink 51976 
Noncommercial sources 

of hacker intelligence 
Q@QuickLink 52118 
www.computerworld.com 


heir methods 


Meanwhile, regulations that require 
companies to demonstrate due dili- 
gence in securing IT infrastructures, 
such as the Sarbanes-Oxley Act, are 
driving interest in commercial intelli- 
gence services, says iDefense CEO John 
Watters. “Security is becoming more 
and more of a business issue,” he says. 

Even so, it’s wise to exercise caution 
when using security intelligence infor- 
mation, says Howard Schmidt, chief in- 
formation security officer at 
eBay Inc. and former securi- 
ty adviser to the White 
House. “I think it should be 
just one of the pieces in the 
CISO’s tool kit,” but not the 
most important one, he says. 

There’s a “fair amount of 
false positives” in the infor- 
mation culled from alerting services, 
Schmidt points out. “These services 
are only as good as the input of the 
data they get. We need to get better at 
identifying and correlating data” to 
minimize this, he says. 

“An early-warning system is like a 
weather forecast,” says Gerhard Es- 
chelbeck, chief security officer at 
Qualys Inc., a provider of network vul- 
nerability management services in 
Mountain View, Calif. “It tells you if 
you should take an umbrella. But it’s 
far from being perfect.” @ 51973 


The cost of commercial intelli- 
Me a ee ee | 
tholisands to hundreds of thou- 
UROL mse] Lee can ram Boe 
fense won't quote a price, but the 
number is “well into the six fig- 
ures,” CEO John Watters says. 
Symantec’s offering ranges from 
STomOLOUR GRIM UUme 
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while IBM charges a flat $10,000 
annually for its new Security 
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hard to determine, says Bruce 
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Mutual Life Insurance. “You can’t 
put a value on how much you are 
Pe Vim me Cam let 
from the next attack,” he says. 
But having good threat intelli- 
gence helps to reduce the cost of 
unnecessary fixes, says Bonsall, 
adding that since subscribing to 
eau ead MMe 
able to reduce his intelligence 
staff by one person. 

~ Jaikumar Vijayan 
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ALLY YOSAFAT had a 

common problem with 

an unusual outcome. 

The CIO and e-business 

leader at Global Air 
Conditioning, part of Piscataway, NJ.- 
based American Standard Cos. discov- 
ered performance snags in a Web- 
based initiative. So he got workers 
from his company and three vendors 
to spend a November weekend at a 
Wisconsin facility working together to 
solve the problem. 

It was an admirable feat of manage- 
ment, and one that might seem nearly 
impossible. Any IT executive who has 
ever worked on a project requiring 
multivendor integration knows that 
the vendors are more likely to blame 
one another than cooperate when 
something goes wrong. 

“It’s hard not to point the finger. We 
do it ourselves,” says Janette Zabran- 
sky, managing director for IT finance, 





vendor management and project man- 
agement at American Airlines Inc. in 
Fort Worth, Texas. 

But Zabransky, Yosafat and others 
don’t settle for that. They employ sev- 
eral important tools, from contractual 
language to strong management prac- 
tices, to get vendors to cooperate not 
only when work goes smoothly, but, 
more important, when systems head 
south. 

“We stress [to vendors] that if 
they’re going to be partners with us, 
they’re going to learn to partner to- 
gether,” Zabransky says. 

To encourage that, American Air- 
lines CIO Monte E. Ford meets with 
representatives from his 10 most 
strategic vendors several times a year, 
Zabransky says. These conferences al- 
low vendors to get to know one anoth- 
er and hear how much the airline val- 
ues their cooperation. 

“The softer side of managing people 





is often forgotten with vendors,” says 
Rick Swanborg, executive in residence 
at Boston University’s School of Man- 
agement and president of Icex Inc., a 
research and content management 
firm in Boston. 

The savviest CIOs regard vendors as 
“just a natural part of the company,” 
Swanborg says. They include vendors 
in strategic meetings and discussions 
about the organization’s future IT 
plans, and they take them to lunch. 

On the other hand, the vendor love- 
fest shouldn’t keep IT executives from 
spelling out expectations. Best prac- 
tices call for specific contractual lan- 
guage about cooperation. 

“I would tell suppliers that part of 
the requirement in the RFP and in the 
contract itself is cooperation,” says 
Bart Perkins, a Computerworld colum- 
nist and managing partner at Leverage 
Partners Inc., a Louisville, Ky., compa- 
ny that helps CIOs manage suppliers. 

Perkins says he likes risk/reward 
contracts, in which vendors agree to 
incentives and penalties for reaching 
or failing to reach certain objectives, 
including cooperative behavior. 

To give these contracts teeth, 
Perkins says, companies should act 
“brutally” with vendors that don’t co- 
operate: “Take them out, shoot them at 


| dawn, and make it public. Tell everyone 


you did it and why you did it.” 

Sounds harsh, but IT executives say 
it works. American Airlines contractu- 
ally requires vendors to work with 
“any other third party designated by 
the company.” It also reserves the right 
to replace a vendor representative if he 
isn’t acting professionally. Zabransky 
says she has enforced this clause, re- 
moving uncooperative workers and 
helping to select replacements who are 
more willing to work with others. 

Kyle McCormick, managing director 
at PFPC Worldwide Inc., a Wilming- 
ton, Del.-based software provider to 
the investment industry, says he spells 
out exactly what’s expected from each 
vendor, from deliverables to dates and 
milestones. “The thing that has really 
helped us get by the typical finger- 


| pointing problem is to frame out each 


area of work. If you had a pie and cut it 
into slices, each piece would have very 
specific details of what would have to 
be built in what time frame,” he says. 
IT execs say strong leadership, clear- 
ly identified point people and an estab- 
lished escalation plan all help keep ven- 
dors on track and focused on finding 
solutions rather than assigning blame. 
“We have strong responsibility 
and strong leadership,” says Deirdre 
Woods, associate dean and CIO at the 
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Wharton School at the University of 
Pennsylvania. 

Woods cites times when her staff 
had representatives of Microsoft Corp. 
and IBM together on the phone to 


| solve problems. “There’s a certain 

| amount of tenacity you need for that,” 
| she says. “But it’s part of our job now. 
| No one buys single-vendor solutions.” 


Still, neither Woods nor her direc- 


| tors handles every vendor-related 


problem. Woods says her philosophy is 


| “good management rather than micro- 


management.” She outlines clear paths 
of escalation, so if junior staffers can’t 


| get vendors working together, they 
send it up the chain of command. 


Yosafat used a combination of these 


| practices to get workers from his three 


vendors together in Wisconsin. The 
company had held team meetings, out- 
lined clear expectations and exhausted 
other attempts to solve the problem re- 
motely before calling people together 


| that November weekend. “If they’re 


used to working as a team from the be- 
ginning,” he says, “cooperation is a lot 


easier.” @ 51915 





Pratt isa Computerworld contributing 
writer in Waltham, Mass. You can con- 
tact her at markmary@mindspring.com. 


MAXIMIZING VENDOR VALUE 


Cooperation can trump competition. Here's how 


QuickLink 51918 
www.computerworld.com 
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Return on 
SOFTWARE 


Return 


Return on Software: Maximizing 
the Return on Your Software In- 
vestment, Steve Tockey (Addison- 
Wesley, 621 pages, $49.99). 
Many software developers (in- 
cluding quality assurance and 
project managers) don’t know 
how to create a business plan 
for the IT projects they work 
on or how to calculate returns 
from such efforts. But they 
should at least have a basic 
understanding of the various 
costs that go into software de- 
velopment projects and the 
kinds of returns to expect. 
Tockey, a principal consul- 
tant at Construx Software 
Builders Inc., a Bellevue, 
Wash.-based software consul- 
tancy, provides developers 
with a detailed approach for 
gaining that understanding. 
Readers with scant business 


knowledge may have trouble 
following some of the finan- 


| cial terms, such as cash-flow 





stream and equal-payment- 
series sinking-fund (say that 
three times fast!), but Tockey 
does an effective job of de- 
scribing these concepts in 
clear terms and providing 
sample formulas for readers to 
apply. He also thoroughly cov- 
ers practical financial models, 
such as depreciation account- 


Particularly useful 
are the self-study ques- 
tions at the end of each 


concepts and tech- 

niques that have been intro- 
duced, but also allow them to 
reflect upon their previous 
project experiences. 


Maximizing RO! on Software 
Development, by Vijay Sikka 
(Auberbach Publications, 


| 253 pages, $79.95). 


Whereas Tockey’s book is 
dense with financial calcula- 
tions that can be applied to 
software development proj- 
ects, Sikka’s is more of a 
primer for project managers 
or software developers who 
are just starting to get their 
arms around ROI models. 
Sikka, who spent half of his 





16-year career developing real- 


| time software quality, Six Sig- 

| ma and other systems for Intel 
| ing methods and economic life | 
| cycles for IT assets. 


Corp.’s manufacturing opera- 


| tions, deftly provides an intro- 
siete 


chapter, which not only REVIEWS 
help readers to grasp 


ductory software ROI 
road map that readers 
can return to as need- 
ed after they’ve fin- 
ished the book. 

He addresses 
ROI largely in the context of 


| newer development method- 


ologies, such as agile program- 
ming, extreme programming, 


| RAD and lean software devel- 


opment. 

What the book may lack 
in depth (many of the sub- 
sections are just one or two 


| paragraphs long) it makes 
| up for in the comprehensive 


range of topics it offers the 
neophyte IT or business 
professional. Still, I would 
have expected to see more 
in-depth analysis on labor 
arbitrage, given that labor is 
the single largest cost in soft- 
ware development. 





| Project Rescue: Avoiding a 


Project Management Disaster, 
by Sanjiv Purba and Joseph J. 


| Zucchero (McGraw-Hill Osborne 


Media, 358 pages, $39.99). 
This book, which was written 
by two executives with nearly 
50 years of IT management 
experience between them, is 
structured as a sequential ap- 
proach to rescuing failing 
projects (i.e., identifying trou- 
bled projects, assessing the 


| problems, planning the inter- 


vention, executing the inter- 
vention and so on). 

The book is aimed at any- 
one who works on IT projects, 


| and it’s very easy to follow 


and digest. It includes a slew 


| of project checklists, method- 


ologies and questions to ask at 


| various stages of a project res- 
| Cue attempt. 


Unlike IT management 


| books that take a Sermon- 


on-the-Mount approach, this 
one manages to offer prac- 
tical advice without being 
preachy. 
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| Requirements-Led Project 
Management: Discovering 
David's Slingshot, by Suzanne 
and James Robertson (Addison- 
Wesley, 327 pages, $44.99). 
The Robertsons are principals 
at The Atlantic Systems Guild 
Inc., a consulting firm with 
offices in New York and Lon- 
don that specializes in soft 
ware development methods 
and management, with a par- 

| ticular focus on the human di- 
mension. That concern with 

| the human element is evident 
in this book, which strongly 
emphasizes the need to have 
the right people involved to 
ensure that a project suc- 
ceeds. In fact, the authors 
devote an entire chapter to 

| what they refer to as “project 
sociology.” 


The premise of this well- 
devised, cleanly written book 
is how to use a requirements 

| led approach to manage the 
project development life cy- 
cle. The Robertsons contend 

| that just as David’s slingshot 

| was able to drop the mighty 

| Goliath, the effective use of 

| requirements-led project plan- 

ning can also produce dramat- 

| ic results. 

That analogy might be a bit 

| of a stretch, but anyone who’s 
been involved in a disastrous 
project will probably see some 
validity in the comparison. 

One of the strengths of this 
book is that it avoids relying 
too heavily on mind-numbing 
project-management termi- 
nology and instead is written 
on an almost conversational 
level that’s sure to appeal to 
its target readers — project 
managers, business analysts 
and team leaders. @ 52035 

— Thomas Hoffman 
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QUICK HITS 


PC Purchases 


How often do you refresh 
desktop PC hardware 
across your user base? 


@ Every three years 
@ Every four years 
@ Every five years 
@ Less than every three years 
Every six years: 1% 
——# Don't know: 1% 


Base: 78 North American companies 
(Percentages don't add up to 100 
because of rounding.) 


Through what channels do you 
purchase new PC hardware? 


Direct from manufacturer 
77% 

Local value-added reseller 

31% 
Regional distributor 
Retailer 
Bs. 
Outsourcer as part of contract 
J 3% 


Base: 78 North American companies 
(Multiple responses allowed.) 


How often do you 
refresh laptops? 


be 
he 


LYS 


@ Every three years 

@ Every four years 

@ Every five years 

@ Less than every three years 


Base: 77 North American companies 


Source: Forrester Research Inc., November 2004 
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- Outsourcing Decisions: 
They're Strategic 


HE EXPORTING OF U.S. JOBS has re- 

ceived a significant amount of media 

attention. Thousands of skilled informa- 

tion services positions have been out- 

sourced to countries with highly educated 
workforces and lower wages. 


As outsourcing decisions 
become increasingly regard- 
ed as “business as usual,” se- 
nior business management 
becomes increasingly less in- 
volved in the detailed deci- 
sion-making process. The 
result: Many sourcing deci- 
sions made today are based 
largely on economics and 
not treated as strategic by 
executives, even though the 
long-term business implica- 
tions can be monumental. 

In today’s global economy, 
the growing presence of off- 
shore service providers re- 
quires decision-makers to 
consider several strategically important 
factors: long-term productivity and cost 
projections, physical and data security, 
long-term business and employment sta- 
bility, political agenda and cultural differ- 
ences, and business continuity capability. 

Long-term productivity and cost projections. 
The drive toward outsourcing is often 
motivated by financial considerations — 
for example, to reduce capital require- 
ments and long-term operating costs. 
Offshore outsourcing meets these objec- 
tives, at least superficially and in the 
short term. Initial cost differentials of 
approximately 40% are often cited as a 
major factor in relocating business 
processes offshore. 

This differential can be significantly 
eroded, however, as you incur additional 
costs to manage and administer these 
outsourced functions. While the pro- 
vider is responsible for managing daily 
operations, you, the client, must set up 
governance processes that effectively 
measure and monitor service levels. If 
the provider’s employees lack training, 





problems with quality and 
schedule-delivery may sur- 
face. Furthermore, initial 
cost differentials will likely 
erode as Third World work- 
ers seek to raise their living 
standards through higher 
wages and benefits. 
Physical and data security. 
Treat your information as- 
sets’ security with extreme 
care. The methods used to 
handle and back up data are 
critical to minimizing your 
security exposure. Offshore 
outsourcing poses some 
unique security risks, par- 
tially because of the dis- 
tances separating you from your pro- 
viders. Design contracts to recognize 
and mitigate data security risks by speci- 
fying procedures for handling critical in- 
formation and requirements for main- 
taining those procedures. 

Remember: Merely imposing service- 
level penalties without specifying secu- 
rity procedures allows breaches of secu- 
rity at a price. A managed level of securi- 
ty requires monitoring, measurement 
and due diligence from both parties. 

Long-term business and employment stability. 
In an outsourcing transaction, the dispo- 
sition of key personnel (those with 
unique process knowledge, extraordi- 
nary relationships with constituents, or 
other skills needed for the business 
process’s ongoing success) is critical. 

Contracts should specifically identify 
key people among the outsourcer’s staff 
and limit their turnover or transfer dur- 
ing the contract term. General retention 
of the outsourcer’s less-skilled employ- 
ees is also important; high general 
turnover rates can drain the skills you 





need to maintain service levels. 

Political agenda and cultural differences. 
Successful outsourcing contracts empha- 
size control and accountability and usu- 
ally include provisions for “acts of God” 
and other unforeseen disasters that miti- 
gate the provider’s responsibility. But 
you should also consider the potential 
impact of a foreign government's poli- 
cies and actions. 

Additionally, you and your provider 
must effectively communicate and work 
together despite cultural differences. 
Politics and culture do add risks. Con- 
sider the risks, plan for them, and man- 
age them. 

Business continuity capability. Senior busi- 
ness and IT executives might wish to 
avoid the topic of disaster recovery/ 
business continuity; it’s expensive and 
doesn’t contribute positively to bottom- 
line results. However, this investment is 
a necessary cost of doing business. 

Designing and implementing an 
effective data-recovery plan requires 
effort and ongoing expense. And though 
there are more technical options avail- 
able now to facilitate data backup and 
recovery, processing recovered data 
poses the same problems IT profession- 
als have struggled with for years. The 
basic process issues (clearly identifying 
who, what, where, when and how much 
— all of which require rock-solid plans) 
are made more complex by offshore 
operations. 

Outsourcing agreements are complex. 
Treat the decision to outsource, whether 
offshore or not, as a strategic issue re- 
quiring executive involvement. Deci- 
sions must not be based solely on the 
promise of short-term cost savings but 
also on the potential solutions’ long- 
term viability. Contract terms must thor- 
oughly address the additional risks and 
complexity of offshoring. 

Be methodical and objective in making 
the outsourcing decision; don’t just fol- 
low popular trends. @ 51897 
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For over 20 years, Syntel employees across North America, Europe, and Asia 
have helped build advanced information technology systems for leading 
Fortune 500 companies and government organizations to improve their effi- 
ciency and competitiveness. Today, Syntel professionals are building 
rewarding careers by providing solutions in e-business, CRM, Web Design 
and Data Warehousing. Come discover why Syntel has been ranked one of 
“The 200 Best Small Companies in America” for the last four years in a row 


Due to our rapid growth, we have immediate, full-time opportunities for both 
entry-level and experienced individuals in the following positions: 


Business Development/Account Specialist 
Manage Sales activities and achieve sales quota for assigned territory. Help 
Syntel’s sales leadership in planning and rolling out an inside sales strategy. 


Project Leaders/Managers 

Train and manage programmer analysts on installation and configuration of 
hardware and software application, as well as be responsible for project 
planning an quality assurance. 


Programmers/ Analysts 
Analyze, design, develop, test, and maintain relational database 
management systems. 


The above-mentioned positions should possess any 
of the following skills: 


Mainframe 
* IMS DM/DC or DB2, MVS/ESA, * Focus, IDMS OR SAS 
COBOL, CICS 


DBA 
* ORACLE OR SYBASE ° DB2 


Client-Server/WEB 
* Ab-initio * Oracle Applications & Tools 


© Websphere * Lotus Notes Developer 
* Com/Dcom * UNIX System Administrator 
* Web Architects e UNIX, C, C++, Visual C++, 
© Datawarehousing CORBA, OOD or OOPS 
© Informix, C or UNIX ¢ WinNT 
* Oracle Developer or Designer * Sybase, Access or SOL server 
2000 © PeopleSoft 
* JAVA, HTML, Active X * Visual Basic 
¢ Web Commerce © PowerBuilder 
¢ SAP/R3, ABAP/4 or FICO or MM ° IEF 
& SD 


Some positions require a Bachelor's degree, others a Master's degree. We 
also accept the equivalent of the degree in education and experience. 

With Syntel (NASDAQ: SYNT, you'll enjoy excellent compensation, full ben- 
efits, employee stock purchase plan and more. Please forward your resume 
and salary requirements to: Syntel, Inc., Attn: Recruiting Manager-LD01, 525 
E. Big Beaver, Suite 300, Troy, Mi 48083. Phone: 248-619-2800; Fax: 248- 
619-2888; Equal Opportunity Employer. 


SYN Tel 
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Senior Software Engineer will 
architect and develop financial 
wireless applications requiring 
high security, high reliability and 
high availability applications to 
run on Blackberry, PALM 
Operating System, !&, and 
Netscape using a single code 
base. Will develop PRC, PQA 
and Web Clipping applications 
using C++ or VC++ and Code 
Warrior that run on PALM oper 
ating system. Will apply knowl 
edge of Visual Interdev and 
understanding of securities 
research. Will write components 

Visual Basic and/or Visual 
C++ and MTS. Will build an idea 
into a production-quality interac 
tive web-based application 
Requires Bachelor of Science or 
equivalent in Computer Science 
Engineering, Math, or Physics 
and three (3) years in job offered 
OR three (3) years experience 
developing mobile/wireless and 
web applications Candidate 
must also possess demonstrat 
ed expertise developing PRC 
PQA and Web Clipping applica- 
tions using Metroworks and 
Code Warrior; demonstrated 
expertise developing middle 
ware using COM/DCOM, XML 
and SOAP; and demonstrated 
expertise in database design 
including writing stored proce 
dures and triggers in SQL and 
PL/SQL. Salary: $77,500/yr, M 
F, 9AM-5PM. Send 2 resumes 
to Case #200300408, Labor 
Exchange Office, 19 Staniford 
St., 1st fl., Boston, MA 02114 
EOE. Applicants must be work 
ers eligible to accept full-time 
employment in U.S 


COMPUTER PROFESSIONALS 

Opportunities for 

+ SYSTEMS/BUSINESS/ 
PROGRAMMER ANALYSTS 

+ PROCESS CAPABILITY 
ANALYST 

* QC ANALYST 

* WEB ARCHITECTS 
DEVELOPERS 
SYSTEMS ANALYSTS 
WEB GRAPHIC DESIGNERS 
NETWORK ENGINEERS 
PROGRAMMER/ANALYSTS 

+ SOFTWARE ENGINEERS 

SKILLS 

* COLD FUSION + SPECTRA 

+ ORACLE + VISUAL BASIC 

+ VISUAL C++ + SIEBEL * ASP 

* COM, DCOM « JSP « HTML 


SERIES * XML,UML 
CLARIFY + PERL 

* OBJECTPERL * SPYPERL 
* SMALLTALK » PL/SQL 
* VISUAL AGE + COBOL, SPL 
UNIX 

Visit our website @ 

www.computerhorizons.com 

Attractive salaries and benefits 
Please forward your resume to 
H.R. Mgr., Computer Horizons 
Corp., 49 Old Bloomfieid 
Avenue, Mountain Lakes, New 
Jersey 07046-1495. Call 
973- -4000. E-mail: jobs@ 
computerhorizons.com. An 


Equal Opportunity Employer M/F. 


Sr DBA to lead teams to archi- 
tect, design, install, upgrade. 
perform tuning, backups of 
Oracle, Informix instances on 
Sun Soiaris, Windows servers 
configure, manage SQL*Net and 
Oracle, Apache web server with 
UNIX, Windows envir; deploy 
Serviets in Apache JServ; de- 
sign, develop new data inter 
faces with legacy systems using 
Oracle tools and Informix tools 
such as Import/Export, SQL 
Loader, PL/SQL; manage SQL 
Server for migrating the data 
from SQL server to any data- 
base; parsing the XML strings. 
into different applications; create 
stored procedures, packages 
and database triggers; propose/ 
implement methodologies/best 
practices. Require MS or foreign 
equiv in CS/Engg (any branch) 
or related field withtwp yrs exp 
as a DBA. Competitive salary 
Travel involved. F/T. Resumes 
to Global IT Solutions USi, Inc., 
600 Stevens Port Drive, Ste 125, 
Dakota Dunes, SD 57049 


Mainframe Analyst/Programmer 
(Miami, FL) Write, update, main- 
tain prgms written in COBOL 
CICS for mainframe & fin'l ser- 
vices clients. Create/ maintain 
IDMS/R_ databases. Review 
work flow charts dvipmt by 
systm analyst/prgmrs to under 
stand/advise on the computer 
tasks to perform. Create des 
cription for prgmrs/systms ana 
lysts to understand how prgm 
should access data. Write phys: 
description to protect 
thorized access & 
tampering. Provide techi support 
& guidance for COBOL systms 
Coord changes in computer 
d/bases. Review changes in 
physical dsgn of d/bases to 
effect on physical 
Establish computer 
access level for each segment 
of d/base. Specify user access 
level for retrieval, modification 
deletion. Conduct qlty contro! 
testing on codes & correcting 
errors. Enter codes to create 
production d/bases & utilities 
prgms to monitor performance 
of d/base. Modify data in fine- 
tuning d/base operations 
Generate prototype for potential 
clients to visualize applics. 9 
positions available. 40 hrs/wk, 9. 
5 pm, competitive salary. Bach 
deg or equiv, based on edu or 
exp, in Comp Sci/Systems Engg 
or related field, + 2 yrs exp in job 
offd. Resume to: SMX Services 
& Consulting, Inc., 7220 NW 
36th St., Ste #421, Miami, FL 
33166. Attn: Richard Quevedo 


Senior Software Engineer want 
ed to build and manage a team 
of developers to enhance and 
develop commercial, n-tier, web: 
based data applications. Must 
have Bachelor's degree in Com- 
puter Science or related field 
and 3 years experience devel 
oping commercial n- tier web 
based database applications for 
legal information tracking using 
ASP,VB, Com+ transactional 
technology, and SQL Server 
including experience with ad- 
vanced components, report de- 
velopment using SQL Reporting 
Services, and integration with 
document managementvassem- 
bly systems, as well as 2 years 
experience importing data from 
3rd party systems and designing 
software installation routines 
(Experience can be concurrent) 
Contact Two Step Software Inc 
169 Eim Street, 2nd Floor, Wal: 
tham, MA 02453, Attn: Kristin 
Sheard, HR Coordinator. 


SAS Information 
Systems Specialist 


Valero, Inc. has position 
opening for SAS Information 
Systems Specialist The 
Information Systems Speciai- 
ist will be responsible for ana- 
lyzing requirements, design, 
development and testing of a 
seamless integration process. 
Must have B's degree in engi- 
neering, comp sci or related 
degree (foreign degree equiv- 
alent accepted) w/ 2 years in 
position or as software devel- 
oper, programmer or consul- 
tant. Please forward resume 
to: Jennifer Moreno, One 
Valero Way, San Antonio, TX 
78249. No email or telephone 
inquiries 


Sr. Network Enginner/Project 
Mgr. Elitech International Corp 
seeks individual to design and 
implement voice networks, PBX 
voice mail and security systems 
for clients. Qualified apps must 
possess BS Electronic Eng- 
ineering and 5 years of progres- 
sively responsible experience as 
a voice/telecommunications 
engineer. Submit resume and 
references to J.Leo, Managing 
Director, 485 Seventh Ave., Ste 
900 New York NY 10018 


Business Analysts to gather, ana- 
lyze, document, propose systems 
solutions; lead JAD sessions to 
analyze, gather, define user reqs. 
business process descriptions 
using rational rose, visio etc.; re 
engineer business processes/pro- 
cedures, define/ document data 
modeis using SSAD, OOAD 
RUP; analyze system perfor 
mance exceptions, anomalies 
problem areas; provide direction 
assist project teams; Require 5 
or foreign equiv in Business/Mgmt 
CS/Engg with 2 yrs exp as 
Business analyst or similar. Comp 
Salary. Travel involved T. 
Resume to: HR, Bahwan C 

Inc., 209 West Central Street, Ste 
312, Natick, MA 01760 


Systems Analyst: Mfg/ 
Pro manufacturing and 
logistics supply chain 
application 


MBA & min 2 yrs exp 


systems 


Mfg/Pro. Mail resume to 
Al Edenzon, Firmenich, 
PO Box 5880, Prince- 
ton, NJ 08543 


Software Engineer reqd by 
Specialized Software & Consit 
Co. Create web design using 
Macromedia dreamweaver & 
Adobe Photoshop. Dvip Win 
applics using VB.NET & C#.NET. 
Dvip web applics using ASP.NET 
& ASP w/Visual Studio.NET. Dvip 
d/base scripts for Oracle & SQL 
Server d/base. Create reports 
using Crystal Reports for various 
client reqmts. Dvip secure XML 
interface btwn client & server. 
Job to be performed in Rego 
Park, NY & various unanticipated 
client sites throughout US as 
assigned. Req Masters & 1 yr 
exp in job offd. 40hr/wk, 9a - 6p 
M-F Respond to  Kapra 
Consultants, Inc, 9620 67th Ave 
Rego Park, NY 11374 


Prog Analysts to analyze, test 
wireless/web s/w systems using 
C, Java, XML/ XSL, J2EE 
JDBC, EJB, JSP, Serviets 
HTML, ASP, Oracle, SQL Server 
on Windows, LINUX & UNIX 
OS; determine functional reqs. 
write design specs, evaluate 
tech. feasibility; develop report- 
ing system for wireless app! on 
web servers/app! server: provide 
guidance for user proble 

trouble shoot production issues 
Require: BS or foreign equiv in 
CS/Comp Engg and 2 yrs exp in 
IT or M.S. in CS/Comp Engg 
High salary. Job code A2W1204 
HR, Air2Web, Inc., 1230 Peach- 
tree Street NE, Promenade I! 
12th Fi., Atlanta, GA30309. 


Programmer 
Analysts 


Seneca Foods Corporation 
is seeking Programmer 
Analysts experienced in 
LINC programming. Inter- 
ested applicants please 
respond to: 3736 S. Main 
St., Marion, NY 14505 Attn 
HR. EOE 


Sr. SW Engineersto manage 
teams, to develop, test, implement. 
SAP appls in PM, SM, MM and 
WM; analyze, design, develop 
appis using SAP R/3, ABAP/4, SAP 
Scripts, ALE/EDI etc under 
Windows, UNIX OS; evaluate 
gather user reqs to determine fez 
bility, cost, time and develop specs 
devise systern-testing methodolo- 
gy, testdebug project app! code 
train team members, end users. 
Require MS or foreign equiv in 
CS/Engg (any branch) and 3 yrs 
a BS or foreign equiv in 
any branch) and 5 yrs 
progressive exp. Travel 
involved, comp. salary, ft. Resume 
to HR, Smartsoft Intemational, Inc 
3965 Johns Creek Court, Ste 500 
Suwanee, GA30024 


Software Engg needed 
Burlington, MA based company 
has positions avail. for qualified 
candidates possessing MS/BS 
or equiv. w/ relevant work expe 
rience. Duties include: Design 
develop, implement & customize 
software applications for vari 
Ous business clients using 3 of 
the following: Unix, Sun Solaris 
IBM-AIX & SQL _ Servers 
Weblogic, C#, C/C++, Visual 
Basic, VB.NET, Java NET 
J2EE ASP.NET/ADO.NET 
DOORS, Rational Rose and 
Visio, Websphere, PL/SQL & 
Oracle/Sybase databases. Mail 
resume to Iconsoft Inc 101 
Cambridge St Suite 305 
Burlington, MA 01803 


Software Engg. Needed 
Seeking qual. candidates pos- 
sessing MS/BS or equiv 
and/or rel. work exp. Part of 
the req. rel. exp. must include 
3 yrs. working w/ Lotus Script 
SAP Workflow, & JavaScript 
Duties include design, code 
test, & debug applications 
Analyze & eval. software req 
to determine feasibility of 
design. Work w/ Lotus Script, 
SAP Workflow, JavaScript, Ja- 
va, MQ Series, & XML. Fwd 
res. & ref. to DB Concepts, HR 
Dept., 10 Presidential Way, 
Woburn, MA 01801 


Prog Analysts to analyze, devel- 
op appis using C, C++, Java 
XML, VBScript, VB, HTML, SQL 
etc; use Mercury Win Runner & 
Load Runner to provide automat- 
ed functional/regression testing, 
performance load and stress 
testing for web based appis 
interact with clients, end users for 
reqs gathering, analysis, plan- 
ning & implementation; modify, 
debug existing software appis 
Require BS or foreign equiv in 
CS/Engg (any branch) with 2 yrs: 
of exp in IT or an MS or foreign 
equiv in one of the above fields 
F/T. competitive salary. Travel 
involved. Resumes to: HR 
Semafor Technologies, inc 
3300, Holcomb Bridge Road. 
Ste212, Norcross, GA30092 


PROGRAMMER ANALYSTS 
req'd for Raleigh, NC office 
Design & Develop software 
applications using C, C++, VB 
Delphi, ASP, XML, UML, Cool 
gen, Interwoven, Oracle, PL 
SQL, Developer 2000 & De- 
signer 2000; Bachelors or 
Equivalent req'd in Computers. 
Engineering, math or related 
field of study + 2 yrs of related 
exp. 40 hrs/wk. Must have legal 
authority to work permanently in 
the U.S. Send resume to HR 
Manager, Allied Business 
Consulting, Inc., 8700 W.Bryn 
Mawr, Suite 800 South 
Chicago, IL 60631 
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HCL TECHNOLOGIES AMERICA INC. 


HCL Technologies America inc 


and its affiliate companies, like HCL 


Technologies (Illinois) Inc. and HCL Technologies (Mass.) Inc., have 


multiple openings at its offices in Sunnyvale CA; Stamford C 


Piano 


TX; Florham Park NJ; Irvine CA; Vienna VA; Boston MA; Chicago IL 
Detroit MI as well as project sites throughout the US for the following 


Positions 


Software Engineers 
Programmer Analysts 
Systems Analysts 
Database Administrators 


Systems/Network Administrators 


Project Managers 


Account Managers/Sales Managers/Business Managers 


Sales Engineers 
Industrial Engineers 
Market Research Analysts 
Management Analysts 
Legal Consultant 


Salary will be commensurate with education and experience. All 
tions may involve travel or relocating to various client sites through out 


the US 


For consideration, please send your resume (indicating the location 
and position for which you are applying) to 


HCLTA - ITC 
Attn.: HR Dept. 

330 Potrero Avenue 
Sunnyvale, CA 94085 
Email: cwjobs@hcitech.com 
www.hcitechnologies.com 


Senior Programmer/Analyst to 
design, test, implement and 
support software in a ciient 
server environment using C 
C++, VC++, Oracie, SQL and 
EDI on Windows NT and UNIX 
Platforms. Require: BS Degree 
in Computer Science, an 
Engineering discipline, or a 
closely related field with 5 years 
of progressively responsible 
experience in the Job offered or 
in the related occupation of 
Programmer. Extensive travel 
on assignments to various client 
sites within the US is required 
Salary $75,000.00 per year. 
Apply by resume to Ravi 
Kandimaila, President, Everest 
Computers, Inc. 875 Old 
Roswell Road, Suite E 400 
Roswell, GA 30076. Attn 
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Enterprise Business Solutions. 
Inc. EBS, Inc. has several per- 
manent positions open for 
Software Developers, Comput- 
er Programmers, Software En 
gineers, Systems Analysts 
Quality Assurance Engineers 
Programmer Analysts, GUI 
Programmers and Technical 
Recruiters with strong skills in 
several of the following: « 
Informix, Sybase, Oracle, DB2 
*Powerbuilder/VB/VC++/C 
C++ /Java * Windows NT/ Unix 
Admin «+ Mainframe/Cobol 
CICS/AS400/RPG * People- 
Soft, People Tools, SQR 
Oracle * Testing/Winrunner/ 
Silk/Rational/QA Run + COR- 
BA/COM/DCOM * HTML/ASP/ 
JSP * SAP R/3, ABAP 4, MM 
SD, Fi, EDI, ALE. Full time 
positions among our offices 
and client sites on an ongoing 
basis. Please send resumes 
to Enterprise Business 
Solutions, Inc., 1329 West 
Irving Park Rd., Suite 301 
Bensenville, IL 60106. An EOE 


Sr. Audio DSP Algorithm 
Engineer: Reqts: Ph.D 
CS/EE & 1 year experi- 
ence in Algorithm/Soft- 
ware design. Experience 
must include: in audio 
encoding and deveioping 
digital audio system soft- 
ware for embedded sys- 
tems, Fourier and wavelet 
techniques & audio signal 
process. Interested candi- 
dates send resume to 
jobs@audience.com 
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Legislators Seek to Extend 


Review of IBM PC Sell-off 


Three key congressmen claim that purchase 
by Lenovo could threz aten national security 


BY SUMNER LEMON 
HE PLANNED acquisi- 
tion of IBM’s PC 
business by Beijing- 
based Lenovo Group 

Ltd. may pose a threat to U.S. 

national security and deserves 

a closer review by Congress 

and government agencies, 

three prominent Republican 
lawmakers said last week. 
Their concerns about the 
deal were spelled out in a let- 
ter to U.S. Treasury Secretary 
John Snow. The letter was 


signed by House International | 


Relations Committee Chair- 
man Henry Hyde (R-III.), 
House Armed Services Com- 
mittee Chairman Duncan 
Hunter (R-Calif.) and House 
Small Business Committee 
Chairman Don Manzullo 
(R-II). 

The representatives are 
worried that the sale of the 
IBM PC unit to Lenovo could 
transfer advanced technology 
and corporate assets to the 
Chinese government, along 
with export-controlled tech- 
nology, according to a state- 
ment released by Hunter’s 
committee. 


Security Concerns 
Lenovo is a public company 
that’s listed on the Hong Kong 
stock exchange. However, its 
parent company and largest 
shareholder, Legend Holdings 
Ltd., is closely tied to the Chi- 
nese Academy of Sciences, a 
government institution that 
manages national scientific re- 
search efforts in China and is 
directly overseen by the State 
Council, China’s highest ad- 
ministrative body. 

“Given the important issues 





at stake, Congress and other 
federal agencies need more 
time to evaluate the process 
and provide comments on the 
sale,” the three lawmakers said 
in the statement. 

In response, Lenovo spokes- 
woman Angela Lee said that 


the company “continues to co- 


| operate with the routine re- 


view [of the planned acquisi- 
tion] by all regulatory bodies.” 
But the call for additional 


time to examine the deal 


makes an extended review by 


Continued from page 1 


VoIP 


VoIP in a secure manner. For 
example, the report calls for 
IT managers to build logically 
separate voice and data net- 
works. Another recommen- 
dation is that “if practical,” 
PC-based VoIP softphones 
shouldn’t be used in deploy- 
ments in which either security 
or data privacy is a priority. 
“Administrators may mis- 


| the Committee on Foreign In- 


| (CFIUS) “very likely,” 
| len Lau, an analyst at Celestial 





| 
vestment in the United States | 
said He- | 


Asia Securities Holdings Ltd. 
in Hong Kong. 
Lau said a possible result of 


| an extended review is that the 
| U.S. could allow the deal to go 


through but block the sale of 
IBM’s PC research and devel- 
opment operations. That 
would reduce Lenovo’s ability 
to compete against rivals such 


| as Dell Inc. and Hewlett- 


Packard Co., he said. 
CFIUS is an interagency 
panel that’s chaired by Snow. 





Treasury Department officials 


ogy and architecture. 

“We'll take the report and 
do additional research,” he 
said, adding that the compa- 
ny’s IT staff plans to evaluate 
future VoIP deployments in 
offices globally. 

GlaxoSmithKline is running 
separate virtual LANs for 


| voice and data traffic as part 


of the VoIP trial, Goodall said. 


| The company is also testing 
| softphone technology to see if 


takenly assume that since digi- | 


tized voice travels in packets, 
they can simply plug VoIP 
components into their already- 
secure networks and remain 
secure,” the report said. “How- 
ever, the process is not that 
simple.” 

The NIST report was being 
circulated last week among 
U.S.-based network security 


| personnel at GlaxoSmithKline 


PLC. The pharmaceutical 
maker is running a VoIP trial 
with about 450 end users at 

a facility in North Carolina, 
said Charles Goodall, its man- 
ager of global voice technol- 





it’s usable, never mind secure. 
“VoIP security is a big part 


Bes iat a 


Lower cost and 

greater flexibili- 
ty are among the 
promises of VoIP for 
the enterprise, but 
VoIP should not be 
installed without 
lemme ele 
of the security prob- 
lems introduced. 





| couldn’t be reached for com- 


ment on the review of the 
IBM/Lenovo deal last week. 
The concerns raised by 
Hyde, Hunter and Manzullo 
add to the uncertainties al- 
ready facing the acquisition, 
which was greeted skeptically 
by some of Lenovo’s investors 
and has prompted many IBM 
users to consider switching to 
a different PC vendor. 
“Change always makes peo- 
ple nervous,” said Philip Papa- 
dopoulos, an IBM ThinkPad 


| user and the program director 
| of grid and cluster computing 


at the San Diego Supercom- 
puting Center. “My nervous- 


of our strategy, but it’s not 
really at the top of the list of 
what we’re exploring,” Good- 
all said. “We won't say we 
must have it secure to deploy 
it. Even digital voice is some- 
what insecure, too.” 
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Congress and 
other federal 
agencies need more 
time to evaluate 

the process and 
provide comments 
on the sale. 


FROM A STATEMENT ISSUED BY 
REPUBLICAN CONGRESSMEN 
HENRY HYDE, DUNCAN HUNTER 
AND DON MANZULLO 


ness is that the vision of the 
ThinkPad will get lost in tran- 
sition.” Papadopoulos added, 
though, that he will likely stick 
with Lenovo if it maintains the 
quality of the product line. 

@ 52217 

Lemon ‘ine the IDG News 
Service. Fellow reporters Paul 
Kallender and Tom Krazit 


| contributed to this story. 


VoIP systems securely, said 


| Zeus Kerravala, an analyst at 


The Yankee Group in Boston. 
“Obviously, it’s important to 
think about security with 


| VoIP,” Kerravala said. “But toe 
| say some of what [NIST has] 


| said, especially about soft- 


A Good Starting Point 


Roger Farnsworth, a marketing | 
manager at Cisco, said the 

NIST report is a good place to 
start for IT managers consid- 
ering VoIP projects. He added 
that a point made by NIST 
about the difficulty of using 

the Network Address Transla- 
tion standard with VoIP is “not | 
a trivial problem.” That issue 

is being addressed by Cisco, 
other vendors and standards 
bodies, Farnsworth said. 

David Endler, an executive 
at software developer Tipping- | 
Point Technologies Inc. in 
Austin, said security vendors 
and researchers are organizing 
an alliance to call attention to 
VoIP security needs. 

But many large companies 
and federal agencies, some 
with tens of thousands of 
users, have already deployed 


| somewhat, it’s 


phones, shows a little bit of 
backwards thinking. I think, 
's written by 
Luddites.” 

NIST computer security ex- 
pert Richard Kuhn, one of the 
report’s three co-authors, said 
the document wasn’t designed 
to warn IT managers away 
from using VoIP technology. 

“VoIP is moving ahead very, 
very fast,” Kuhn said. “We 
don’t want to scare people 


| away from this. But we want 
| to point out that this is com- 


plex technology and there are 
a lot of security considera- 
tions that they may not have 


thought of.” @ 52209 


| MORE ONLINE 


| Toread a PDF version of NIST's 


report 
go to our Web site 
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Open-Source Foes 


ES, SUN MICROSYSTEMS’ new OpenSolaris really is 
an open-source project. And no, it’s not likely to be 
much like the Linux open-source project. How are they 
alike? Both projects will produce a production-grade 
version of Unix, including source code, that we'll be 
able to download and use without paying for. So from where corpo- 


rate IT sits, there’s lots of similarity. 


But where OpenSolaris and Linux came from, how they’re li- 
censed, how the code can be used — that’s all different, in some 
cases very different. And yes, that may matter to I7 after all. 


Why? Competition. As in: That’s what we get 
the benefits of. 

And not just competition between two simi- 
lar operating systems, but between two very 
dissimilar ways of doing open-source. 

Think about it. Linux was created from the 
ground up by Linus Torvalds and an army of 
programmers around the world. OpenSolaris 
was created by a major software vendor using a 


more traditional software-development process. 


Linux has a large and growing installed base. 
OpenSolaris officially has none, though Sun’s 
existing Solaris customers are a good start. 

Linux has propeller-head cachet and market 
credibility, along with billions of dollars in 
technical and marketing investment from com- 
panies such as IBM, Red Hat and Novell. Open- 
Solaris has one company behind it and Scott 
McNealy at its press conferences. 

See? Dramatically different business models, 
both of which will be competing for the same 
pool of volunteer programmers to continue de- 
velopment, and for entrepreneurs to find ways 
of making money from these products. 

Things get more interesting when we look at 
what’s usually the most boring part of a software 
package: the license agreements. 

Linux uses the popular GPL open- 
source license, which requires that 
any code that’s tightly linked with 
GPL-licensed code and then repub- 
lished must also be GPL code. That 
way, everything stays open-source. 

For OpenSolaris, Sun worked up 
its own open-source license, the 
Common Development and Distrib- 
ution License. (Actually, the CDDL 
is modeled on the open-source li- 
cense for the Firefox and Mozilla 
Web browsers.) A key feature of the 
CDDL is that it lets CDDL-licensed 





code be stitched togeiher with non-CDDL code 
— even proprietary code 

Sun’s CDDL also explicitiy licenses patents, 
and Sun says it will include 1,670 patents that go 
along with OpenSolaris code. But those patents 
can only be used with Sun’s code. Changing the 
code means losing the patent protection. That’s 
a much more limited deal than IBM’s recent 
contribution of 500 patents for use with any 
open-source code. 

Those CDDL features are heresy to Linux- 
style open-source advocates. And in practice, 
they mean it will be nearly impossible for any- 
one to distribute software that intermixes Linux 
and OpenSolaris code. The GPL and CDDL 
terms simply aren’t compatible. 

What’s good about that? It guarantees that the 
OpenSolaris project won't be a clone of Linux, no 
matter how similar the final products might be. 

They’ll compete — not just as operating sys- 
tems, but in business model, development style 
and licensing approach. 

Which version of open-source is better, and 
for what, and in what ways? That won’t be an 
academic argument. We’ll find out in the real 
world of the marketplace. 

The competition won't be pretty. 
It will bruise egos and force hard 
thinking on both sides. But out of it, 
we'll get a better Linux, a better So- 
laris — and a better understanding 
of what’s valuable in open-source. 

Not bad for something we 
thought didn’t matter, eh? 

And for you Linux partisans out- 
raged by Sun’s open-source heresy 
that violates your every assump- 
tion about how it’s done, here’s a 
word of consolation: 

Now you know how Bill Gates 
feels. @ 52199 
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Good Boss, Bad Boss 

Pilot fish is supposed to create a new corporate bud- 
get process, but his boss can’t get input from users, 
though he tries again and again. “The project is put on 
hold,” says fish. “Six months later, users question 
whether the new budget system will be ready for this 
year's budget. My boss reminds them that they haven’t 
told us what they want the system to do. To this, a user 
replies, ‘l know exactly what ! want the system to do. 
But I'm waiting to see if it'll do it.” 


Whew! make me look 


Non-IT boss good." | re-_ 
sees DSL ads on SHARK marked that 
TV, so he asks TANK. | would see 
pilot fish why the what ! could do 
company doesn't use it. j ~ and found my presen- 
“If it ain’t broke, don't fix : tation was off the meet- 
it,” fish suggests ~ but Ing agenda.” 
it's clear that the boss 
wants DSL. “I was told _Go Phish 
to put together a report | Changing certain IT se- 
outlining the pros and — : curity policies is a bad 
cons,” says fish. “I | idea, pilot fish argues in 
pored over literature, : a report for senior man- 
called colleagues, ~ agement. “I specifically 
scoured the internet for = said the average user is 
information, all the while : not aware of the types of 
dreading the inevitable. : social-engineering tac- 
Finally, | called the local: tics used,” says fish. 
DSL provider tolearn = “The point was proved 
the exact cost.” The re- : when management sent 
sponse: “Not available : the paper back for edit- 
in your area.” : ing because ‘phishing’ 
; had been misspelled.” 
Priorities 


This IT pilot fish is slated : ‘Let ‘em Try 

to give a presentation to : Web manager pilot fish 
upper management, and : needs to test the compa- 
his boss wants tosee —__ny’s public Web sites on 
a rehearsal. “I went : different platforms, so 
through the litany of : he requests a Macintosh. 
hardware and software = “The IT Cap Ex group 
updates and network im- : replied with a voice mail 
provements, then began : saying that I don’t need 
to talk about our current : a Mac - just the different 
staffing challenges,” fish _ browsers in use today,” 
says. “My boss stopped — ; grumbles fish. “I replied 
me and said, ‘I don’t : with my own voice mail, 
want you to talk about + saying they were wel- 
that. | want you to talk "come to ty ta load 
about things that will Safari on my PC.” 


seeesenenanncnenensenenaeeonsenasenesuassneenencaneeun: ene nenserenpreneen, 


THIS WEEK, SHARKY says goodbye to Sai Lai, 





IMAGINE YOUR APPLICATIONS 


THE FASTEST WAY TO MAKE YOUR 
APPLICATIONS PERFORM TOGETHER 


business processes, and enhance the value of legacy applica 


Imagine your applications — both legacy and new - 
performing together as an ensemble. 

That vision can become a reality surprisingly quickly 
with Ensemble, the Universal Integration Platform with all 
the functionality you need to rapidly complete any type of 
integration project on deadline and on budget. Even complex 
projects you may have struggled with in the past. 

With its unique fusion of powerful technologies for 
application integration, development, deployment, and 
management, Ensemble enables extremely fast integration 
and rapid development of “composite applications” — 


new business solutions that integrate data, orchestrate 


InterSystems 


tions. You’ll see real-world evidence of this in the customer 
testimonial section of our web site. 

Ensemble is exciting new software from InterSystems. 
Over the past twenty-six years our high performance 
products have been deployed in more than 100,000 
mission-critical systems around the world. 

We're so confident that Ensemble is dramatically 
faster than any other integration technology, we'll be 
happy to begin our partnership with you by conducting 
a proof-of-concept project. To request a free project, 


contact us at: www.InterSystems.com /skydivers 


es: ENSEMBLE 


Integrate Applications Faster 


To learn how enterprises like yours are using Ensemble, or if you are a System Integrator in need of a 
rapid integration platform, come to: www.InterSystems.com/skydivers 








It’s hard to get the boss excited about new servers. 
So we'll talk about saving money instead. 


Economical HP BladeSystem solutions feature the high-performance Intel® Xeon™ Processor. And 


i | 
Si orage anc network r 


they « 


hetty price taa. Instead, you’! 


THE SOLUTION 


* 2 intel* Xeon™ Processors DP up to 3.20GHz/2MB' 

+ High density: Up to 96 servers per rack 

* Flexible/Open: Integrates with existing infrastructure 

+ HP Systems Insight Manager™: Web-based 
networked managment through a single console 

* Rapid Deployment Pack: For ease of deployment 
and ongoing provisioning and reprovisioning 


SAVE $500 INSTANTLY 


t | - 
you can virtuali r total acquisition 


ge more |!—offering you ette ) adine nore § istic techr / 25 


get more experns e pefore you DU r re oay ne Ou Du upp r+ atter None of which 


Enhance your system. 


HP StorageWorks 
MSA1500cs 





THE BENEFITS? 


* 23% savings on acquisition cost 

* Up to 19% less power consumption 

+ Up to 93% fewer cables 

+ 43% less space needed for same processing power 
* Hotswappable server design 

* Single interface for local and remote management 


Up to 248 of capacity (96 250GB SATA drives) 
Up to 16TB of capacity (56 300GB SCSI drives) 
Ability to mix SCSI and Serial ATA 

enclosures for greater flexibility 

2GB/1GB Fibre connections to host 


GET UP TO 2TB 


OF STORAGE FREE* 
(Save up to $3,192) 


of servers, storage, software and networking 


with the purchase of any HP BladeSystem enclosure? 


Contact HP today for a free IDC white paper: Adapting 
to Change: Blade Systems Move into the Mainstream 


www.hp.com/go/Bladesmag20 


1-866-356-6090 


your local reseller 


1. Intel's numbering is not a measurement of higher performance. 2. Based on internal HP testing: compared to similarly configured HP1U, 2P server. For configurator, please visit: http://n30099.www3.hp.com/configurator/catalog-issipc.asp. 3. Offer valid through 4/30/05. 4. Receive up to 2TB 
ot storage free with purchase of select HP StorageWorks MSA1500 devices. Offer ends on 3/31/05. See Web site for full details. Intel, Intel logo, Intel inside, Intel Inside Logo, inte! Centrino, intel Centrino Logo, Celeron, intel Xeon, inte! SpeedStep, Itanium and Pentium are trademarks or registered 
trademarks of intel Corporation or its subsidiaries in the United States and other countries. ©2004 Hewlett-Packard Development Company, L.P. 








